[FW1] NAT external host to internal address (kind of backwards NAT)
I need to NAT a valid external address to an invalid internal address. Kind of a reverse of what you'd typically expect for NAT, in that the external host address belongs to a physical system and the internal address is fictitious.

The reason we are doing this funny business is that we want to be able to reach an external host through a firewall, but avoid having to update all the internal routers with static routes to this host. The thinking is that the internal hosts already understand how to route to the firewall and its internal segment. By NAT'ing the external host to an address on the firewall's internal segment we think it should work. But it doesn't.

I set up a workstation object just like I would any other, the address being the invalid internal address (10.x.x.x) and under the NAT tab, the valid address being the external host's IP (159.x.x.x). I also set up a proxy ARP on the firewall (Nokia IP330) but instead of using the MAC address of the external interface I used the MAC address of the internal interface. I also added a static route on the firewall to forward anything addressed to the 10.x.x.x address to the external router.

Now I'm getting host unreachables reported from the firewall whenever I do pings. Any ideas?

----------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]