Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] single static IP for NAT

To: "Fw-1-Mailinglist" <[email protected]>
Subject: RE: [FW1] single static IP for NAT
From: "Michael Wozniak" <[email protected]>
Date: Fri, 16 Feb 2001 10:23:19 -0800
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]


And as I just discovered on my own, the SP2 GUI (from the CD)
doesn't seem to create the NAT rules correctly.  The SP3 GUI
made everything work for me (albeit under NT for now.)

Mike

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> corne
> Sent: Friday, February 16, 2001 01:18
> To: 'Dan Guinn'; 'Fw-1-Mailinglist'
> Subject: RE: [FW1] single static IP for NAT
>
>
>
> this is the way to do nat, so nothing crude about it...
>
> -from external router, route legal ip's to the fw's outside
> -create the object on the fw, define the legal and illegal addresses
> -add a route on the fw: route add <legal ip> <illegal ip>
>
> corne
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On
> > Behalf Of Dan
> > Guinn
> > Sent: Thursday, February 15, 2001 7:03 PM
> > To: Fw-1-Mailinglist
> > Subject: RE: [FW1] single static IP for NAT
> >
> >
> >
> > I have had the same problems as well...
> >
> > as a work-around, I put a static route in on my router to the
> > firewall for
> > the addresses to be natted, and a static route on the
> > firewall routing the
> > external statics to the appropriate internal address.  Kinda
> > crude, but it
> > works.
> >
> > Dan Guinn
> > NetStar Communications
> >
> > -----Original Message-----
> > From: Michael Wozniak [mailto:[email protected]]
> > Sent: Thursday, February 15, 2001 11:21 AM
> > To: Fw-1-Mailinglist
> > Subject: RE: [FW1] single static IP for NAT
> >
> >
> >
> >
> > Kai, I assume by your .sig, you are running FW-1 on Linux.  I
> > am having
> > the same problem and Checkpoint has been unable to help me so
> > far (I have
> > 9 10/100 interfaces and various reserved and non-reserved subnets with
> > assorted types of NAT in all directions but I can't even get
> > Static NAT
> > to work with just 2 interfaces.)  I am attempting in install
> > on NT as an
> > interim measure.
> >
> > Can anyone suggest a configuration of Linux that FW-1 works with?
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: [email protected]
> > > [mailto:[email protected]]On
> > Behalf Of Kai
> > > Kretschmann
> > > Sent: Thursday, February 15, 2001 00:26
> > > To: [email protected]
> > > Subject: [FW1] single static IP for NAT
> > >
> > >
> > >
> > > Once more and more detailed question:
> > > I reduced my rules to the bare nedded once. I have a rule for
> > > incoming http
> > > which I permit to a internal host which has a private IP.
> > >
> > > It is static NATed to the firewalls external interface. I
> > can see the
> > > accepted packets in the log and they even get translated
> > from the old
> > > destination (the firewall) to the new one (the internal
> > host). I can see
> > > via snoop on the external i/f the incoming request but I don't
> > > see anything
> > > going out of the firewall again via snoop on the internal device.
> > >
> > > Is there anything I missed with routing, arp etc? I don't
> > think it should
> > > be needed, as the two interfaces on the firewall are well known
> > > to solaris,
> > > the servers can be pinged happily.
> > >
> > > I really need a detailed example of a working very simple net,
> > > one real IP,
> > > a private local net and one service (http) allowed to come in.
> > > Please, :-)
> > >
> > >
> > > --
> > > "The software said it requires Windows 95 or better, so I
> > installed Linux"
> > >
> > > M.I.T newmedia              Tel. 06172-7100-139
> > > Am Zollstock 1              FAX  06172-7100-10
> > > D- 61381 Friedrichsdorf
> > >
> > >
> > >
> > > ==================================================================
> > > ==============
> > >      To unsubscribe from this mailing list, please see the
> > instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > > ==================================================================
> > > ==============
> >
> >
> >
> > ==============================================================
> > ==============
> > ====
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==============
> > ====
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
>
>
> ==================================================================
> ==============
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==================================================================
> ==============



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] single static IP for NAT
  - From: "corne" <[email protected]>

Prev by Date: [FW1] Packet Liftime for IKE from CP
Next by Date: [FW1] Re: CheckPoint & List Manager
Previous by thread: Re: [FW1] Packet Liftime for IKE from CP
Next by thread: Antwort: [FW1] Redhat, FW-1, and packages
Index(es):
- Date
- Thread