RE: [FW1] Splitting NAT to two Different Servers




Jeff,

You will need to place a static route entry from the valid address to one of
the internal addresses.

Then you will need to enable "ip forwarding" on that same server that you
used in the static route so it can forward packets to the other internal
server if need be.

You need to do this because routing occurs before translation. As the
routing decision is made, the OS needs to know that the packet must be
routed to the internal network... so you can place a route such as:

route -p add 209.46.53.10 192.168.1.1

Then on the server 192.168.1.1 you need to enable "IP Forwarding" in the
TCP/IP properties tab, so it can forward packets to 192.168.1.2.

This will cause traffic to always be forwarded to 192.168.1.1 and routed to
192.168.1.2 only if the destination is set to be so.

Overall, I recommend against using such translation because, as your
services increase or the number of servers increases, your address
translation rule base becomes more complex and you won't be able to forward
packets to different servers on the same port.  For example, services like
"FTP" require separate data channels to be established to the same port...
so these services will not be supported.

Also see this link for more info:  http://www.phoneboy.com/fw1/faq/0022.html


Amin Tora
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS

-----Original Message-----
From: Jeff Ensminger [mailto:[email protected]]
Sent: Thursday, January 18, 2001 10:35 AM
To: [email protected]
Subject: [FW1] Splitting NAT to two Different Servers



I am at a roadblock on how to solve this issue:

On an NT network I want to host the website for domain "onlydomain.com" on a
web server (192.168.1.1),
and host email for the same "onlydomain.com" on a separate email server
(192.168.1.2).
Both servers reside the same one fw-1 server.
I only have one public IP (209.46.53.10) available to use for both NATs.
I have created net objects for both as such:
	webserver  valid=209.46.53.10, real=192.168.1.1
	mailserver valid=209.46.53.10, real=192.168.1.2

I have the proper .arp entry of "209.46.53.10    [mac address of fw-1 ext
nic]".

I have rules allowing for access (in and out) for both servers with the
proper protocols (HTTP, and SMTP, Pop3, respectively).

The problem is that only the mail requests are properly routed. The web
requests are routed to the mail server also, resulting in a page error for
the client browser.

Regardless of the rule-order of the two, the same result occurs.
However, if I delete the net object of the mailserver, the web requests are
fulfilled properly.

Is it not possible to use one public IP to address both email and web server
for the same domain, through NAT?

I have received a couple of good suggestions, but don't seem to solve the
issue.
I also have been all through Phoneboy's site (many times) to no avail.
Does anyone know how to perform this feat?
Thanks to all for at least scratching your heads to see if anything comes
up!


Jeff   "Gus"   Ensminger
Network Administrator
RGI Marketing Group, inc.
Orlando, FLext. 104
http://www.rgimarketing.com

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
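
The packet path described in the reply above, as an added example that is not part of the original thread: a toy Python model of "routing before translation" with the static route to 192.168.1.1, showing why that server needs IP forwarding and why one port on the valid address cannot be split between two servers. The port-keyed translation table and all function names are assumptions for illustration, not FW-1 internals.

```python
# Toy model of the inbound path described in the reply (added example).
# Table layout and function names are assumptions, not FW-1 internals.

VALID = "209.46.53.10"
WEB, MAIL = "192.168.1.1", "192.168.1.2"

# Host route from the reply: route -p add 209.46.53.10 192.168.1.1
ROUTES = {VALID: WEB}


def add_rule(table, valid_ip, port, real_ip):
    """Map (valid IP, TCP port) to one real server; refuse a second server."""
    key = (valid_ip, port)
    if table.get(key, real_ip) != real_ip:
        raise ValueError(f"{valid_ip}:{port} already goes to {table[key]}")
    table[key] = real_ip


def build_table():
    table = {}
    add_rule(table, VALID, 80, WEB)    # HTTP
    add_rule(table, VALID, 25, MAIL)   # SMTP
    add_rule(table, VALID, 110, MAIL)  # POP3
    return table


def inbound(table, dst_ip, dst_port, ip_forwarding):
    """Return (next_hop, translated_dst, outcome) for one inbound packet."""
    # 1. Routing is decided on the untranslated (valid) destination.
    next_hop = ROUTES.get(dst_ip)
    if next_hop is None:
        return (None, None, "no route to valid address")
    # 2. Translation then rewrites the destination to the real server.
    real = table.get((dst_ip, dst_port))
    if real is None:
        return (next_hop, None, "no translation rule")
    # 3. The packet is handed to next_hop whatever the translated address is.
    if real == next_hop:
        return (next_hop, real, "delivered")
    if ip_forwarding:
        return (next_hop, real, "forwarded by next hop")
    return (next_hop, real, "dropped at next hop")


if __name__ == "__main__":
    t = build_table()
    for port in (80, 25, 110):
        print(port, inbound(t, VALID, port, False), inbound(t, VALID, port, True))
```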


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.