NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Final NAT question



One final question about NAT'ing if I may, in accordance with my prior post,
regarding the configurations since its established this is format is correct,
machine.int is the VPN Address and machine.ext is the static address.



Rule 1
Original Packet 		Translated Packet 
Source 		Dest 	Svce 	Source 		Dest 		Svce 
Machine.int 	Any 	Any 	machine.ext 	Original 	Original 

Rule 2 
Original Packet 		Translated Packet 
Source 	Dest 		Svce 	Source 	 Dest 		Svce 
Any 	machine.ext 	Any 	Original machine.int 	original



All that's left is adding static routes and ARP entries on the firewall server itself correct?
(like so correct) then adding that to /etc/rc.d/* (to always be effective on startup)

route  add  machine.int machine.ext
arp -s  machine.ext  00:11:00:11:00:11

Now my second question is, what about a network with over say 200 machines, doesn't this solution seem a 
bit tedious to configure dual objects for each machine and having a configuration set up as such?

----------------------------------------------------------------------
J. Oquendo 
[email protected] 		[email protected] 
http://www.disgraced.org   |    http://www.antioffline.com 
"When I am Buddhist, everyone is mad at me. When I am Buddha, everyone
 is happy." 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.