Re: [FW1] Port forwarding
"Ejvind, Kristian" wrote:
> > Then create the NAT rules
> >
> >           Original                          Translated
> > Source / Destination / Service --> Source / Destination / Service
> > -------------------------------------------------------------------------------
> > Any / ext-fw / pop3 --> Original / int_pop / Original
> > Any / ext-fw / smtp --> Original / int_smtp / Original
> > Any / ext-fw / http --> Original / int_www / Original
>
> Would you mind describing the hard part as well?
>
> Exactly how do you set up your routing table on the firewall?
>
> *evil grin*

That's easy:

    route add 1.1.1.1 22.22.22.22

Where 1.1.1.1 is the NATed "universal server" address (above described as EXT-FW) and 22.22.22.22 the address of the router between the FW and the internal servers. Maybe you will have to add the necessary entries to your ARP table manually.

*innocent babyface* ;-)

Another minimal solution: build a DMZ, place a "universal server" there with a properly configured RINETD or XINETD + REDIR installed which forwards the connections to the diversified internal servers.

This will have the advantage that you do not have to have an internal router - and the IP stream is broken up so IP-level attacks (false fragmentation etc.) will be stopped in the DMZ. Okay, could be made with an internal server, too...

Bye

Volker

--
Volker Tanger <[email protected]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
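Added example, not part of the original post and not code from rinetd or redir: a minimal Python TCP relay showing what the DMZ "universal server" does. Each client connection ends at the relay and a separate connection is opened to the internal server, so only the reassembled byte stream crosses over, never the client's own packets. The names `start_relay` and `demo`, the loopback addresses and the banner are constructed for illustration.

```python
import socket
import threading
from contextlib import suppress

def _pump(src, dst):
    """Copy the byte stream src -> dst until EOF or error, then half-close dst."""
    with suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _handle(client, target):
    """The client's TCP session ends here; a separate one is opened to target."""
    with client, suppress(OSError), socket.create_connection(target, timeout=5) as up:
        up.settimeout(None)  # the timeout applies to connect only
        back = threading.Thread(target=_pump, args=(up, client), daemon=True)
        back.start()
        _pump(client, up)
        back.join()

def start_relay(bind_addr, target):
    """Listen on bind_addr and relay every connection to target; returns the listener."""
    srv = socket.create_server(bind_addr)
    def accept_loop():
        with suppress(OSError):  # ends the loop on a listener error
            while True:
                conn, _ = srv.accept()
                threading.Thread(target=_handle, args=(conn, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def demo():
    """Constructed loopback test: a fake 'int_pop' backend reached through the relay."""
    backend = socket.create_server(("127.0.0.1", 0))
    seen = []
    def serve_once():
        conn, peer = backend.accept()
        seen.append(peer)  # the address the internal server logs
        with conn:
            conn.sendall(b"+OK int_pop ready\r\n")  # constructed banner
    threading.Thread(target=serve_once, daemon=True).start()
    relay = start_relay(("127.0.0.1", 0), backend.getsockname())
    with socket.create_connection(relay.getsockname(), timeout=5) as c:
        banner, client_addr = c.makefile("rb").readline(), c.getsockname()
    return banner, client_addr, seen[0]

if __name__ == "__main__":
    print(demo())
```

With a relay like this the internal servers log the relay's address rather than the client's, so source-based filtering and connection logging have to happen on the relay itself.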