Re: [FW1] NATTing more than one network class
Are you trying to hide the internal networks behind a different *single* IP
address or are you trying to hide the different internal networks behind
different *blocks* of addresses?

Assuming that you are mapping one network to one IP address you'll need to
do this:

- create a network object for each network:
    - on the general tab put the internal network address/mask
    - on the NAT tab put the external address (check the box!)
- configure routing on the firewall so that the external address routes to
  the gateway for the internal network (if not local).
  (Solaris: route add <external IP> <internal router or gw> )
- publish the arp so that packets to the other external IPs get delivered
  to the firewall:
  (Solaris: arp -s <external IP> <MAC address of the FW ext_if> pub )

Finally, create rules in the policy to allow traffic out from the internal
networks; use the xlate src & xlate dest columns in the logviewer to
troubleshoot.

hth,
--gill

On Mon, 12 Feb 2001, Velasquez Venegas Jaime Omar wrote:
>
> We have this situation
> Trusted Networks:
> 172.16.12.0 (which has to be natted to a.b.c1.d)
> 172.16.13.0 (which has to be natted to a.b.c2.d)
> 172.16.14.0 (which has to be natted to a.b.c3.d)
>
> FW-1 has one internal interface and one external interface (valid IP
> address): a.b.c1.d
> Question: Since I have to NAT every internal network to a different valid
> IP address, what is the recommended approach to this: static routes on
> router for every single valid IP address or an ip-alias for the single
> external interface on the firewall.
>

--
gill | Tatu Ylonen, SSH 1.2.12 README: "Beware that the most effective
     | way for someone to decrypt your data may be with a rubber hose."