[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] single static IP for NAT
I have had the same problems as well... as a work-around, I put a static route in on my router to the firewall for the addresses to be natted, and a static route on the firewall routing the external statics to the appropriate internal address. Kinda crude, but it works. Dan Guinn NetStar Communications -----Original Message----- From: Michael Wozniak [mailto:[email protected]] Sent: Thursday, February 15, 2001 11:21 AM To: Fw-1-Mailinglist Subject: RE: [FW1] single static IP for NAT Kai, I assume by your .sig, you are running FW-1 on Linux. I am having the same problem and Checkpoint has been unable to help me so far (I have 9 10/100 interfaces and various reserved and non-reserved subnets with assorted types of NAT in all directions but I can't even get Static NAT to work with just 2 interfaces.) I am attempting in install on NT as an interim measure. Can anyone suggest a configuration of Linux that FW-1 works with? Mike > -----Original Message----- > From: [email protected] > [mailto:[email protected]]On Behalf Of Kai > Kretschmann > Sent: Thursday, February 15, 2001 00:26 > To: [email protected] > Subject: [FW1] single static IP for NAT > > > > Once more and more detailed question: > I reduced my rules to the bare nedded once. I have a rule for > incoming http > which I permit to a internal host which has a private IP. > > It is static NATed to the firewalls external interface. I can see the > accepted packets in the log and they even get translated from the old > destination (the firewall) to the new one (the internal host). I can see > via snoop on the external i/f the incoming request but I don't > see anything > going out of the firewall again via snoop on the internal device. > > Is there anything I missed with routing, arp etc? I don't think it should > be needed, as the two interfaces on the firewall are well known > to solaris, > the servers can be pinged happily. > > I really need a detailed example of a working very simple net, > one real IP, > a private local net and one service (http) allowed to come in. > Please, :-) > > > -- > "The software said it requires Windows 95 or better, so I installed Linux" > > M.I.T newmedia Tel. 06172-7100-139 > Am Zollstock 1 FAX 06172-7100-10 > D- 61381 Friedrichsdorf > > > > ================================================================== > ============== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================== > ============== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|