Re: [FW1] NATTing more than one network class




Are you trying to hide the internal networks behind a different *single*
IP address or are you trying to hide the different internal networks
behind different *blocks* of addresses?

Assuming that you are mapping one network to one IP address you'll need to
do this:

- create a network object for each network:
	-on the general tab put the internal network address/mask
	-on the NAT tab put the external address (check the box!)
- configure routing on the firewall so that the external address
  routes to the gateway for the internal network (if not local).
	(solaris:
	  route add <external IP> <internal router or gw>
	)
- publish the arp so that packets to the other external IPs get
  delivered to the firewall:
	(solaris:
	  arp -s <external IP> <MAC address of the FW ext_if> pub
	)

Finally, create rules in the policy to allow traffic out from the internal
networks, and use the xlate src & xlate dest columns in the logviewer to
troubleshoot.

hth,

--gill

On Mon, 12 Feb 2001, Velasquez Venegas Jaime Omar wrote:
> 
> We have this situation
> Trusted Networks:
> 172.16.12.0 (which has to be natted to a.b.c1.d)
> 172.16.13.0 (which has to be natted to a.b.c2.d)
> 172.16.14.0 (which has to be natted to a.b.c3.d)
> 
> FW-1 has one internal interface and one external interface:(valid ip
> address): a.b.c1.d
> Question: Since I have to NAT every internal network to a different valid
> IP address, what is the recommended approach to this: static routes on the
> router for every single valid IP address, or an IP alias for the single
> external interface on the firewall?
> 

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--gill  | Tatu Ylonen, SSH 1.2.12 README:  "Beware that the most effective
        | way for someone to decrypt your data may be with a rubber hose."
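
Added example, not part of gill's message: a dry-run shell script that prints the route and arp commands from the reply for the three networks in the question, without executing them. The external addresses, MAC address and internal gateway are constructed sample values, and skipping the published ARP entry for the firewall's own external address is an assumption drawn from the reply's wording "the other external IPs".

```shell
#!/bin/sh
# Dry run: prints the Solaris commands from the reply, executes nothing.
# All addresses below are constructed sample values (documentation range).
FW_EXT_IP="192.0.2.1"          # firewall's own external interface address
FW_EXT_MAC="8:0:20:aa:bb:cc"   # MAC of the firewall's external interface

# internal network | NAT (external) address | internal gateway, "-" if local
MAPPINGS="172.16.12.0 192.0.2.1 -
172.16.13.0 192.0.2.2 172.16.12.254
172.16.14.0 192.0.2.3 172.16.12.254"

# Shape check only (four dotted groups of digits), not a range check.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit one route/arp line per mapping that needs it; fail on a malformed row.
gen_nat_cmds() {
    while read -r net nat gw; do
        [ -n "$net" ] || continue
        if ! is_ipv4 "$net" || ! is_ipv4 "$nat"; then
            echo "bad mapping: $net $nat $gw" >&2
            return 1
        fi
        # Route only when the internal network sits behind another router.
        if [ "$gw" != "-" ]; then
            is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
            echo "route add $nat $gw"
        fi
        # The interface already answers ARP for its own address.
        if [ "$nat" != "$FW_EXT_IP" ]; then
            echo "arp -s $nat $FW_EXT_MAC pub"
        fi
    done <<EOF
$MAPPINGS
EOF
}

gen_nat_cmds
```

Review the printed lines against the NAT tab of each network object before running them on the firewall.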


