Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] single static IP for NAT

To: "'Dan Guinn'" <[email protected]>, "'Fw-1-Mailinglist'" <[email protected]>
Subject: RE: [FW1] single static IP for NAT
From: "corne" <[email protected]>
Date: Fri, 16 Feb 2001 11:17:49 +0200
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

this is the way to do nat, so nothing crude about it...

-from external router, route legal ip's to the fw's outside
-create the object on the fw, define the legal and illegal addresses
-add a route on the fw: route add <legal ip> <illegal ip>

corne

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On 
> Behalf Of Dan
> Guinn
> Sent: Thursday, February 15, 2001 7:03 PM
> To: Fw-1-Mailinglist
> Subject: RE: [FW1] single static IP for NAT
> 
> 
> 
> I have had the same problems as well...
> 
> as a work-around, I put a static route in on my router to the 
> firewall for
> the addresses to be natted, and a static route on the 
> firewall routing the
> external statics to the appropriate internal address.  Kinda 
> crude, but it
> works.
> 
> Dan Guinn
> NetStar Communications
> 
> -----Original Message-----
> From: Michael Wozniak [mailto:[email protected]]
> Sent: Thursday, February 15, 2001 11:21 AM
> To: Fw-1-Mailinglist
> Subject: RE: [FW1] single static IP for NAT
> 
> 
> 
> 
> Kai, I assume by your .sig, you are running FW-1 on Linux.  I 
> am having
> the same problem and Checkpoint has been unable to help me so 
> far (I have
> 9 10/100 interfaces and various reserved and non-reserved subnets with
> assorted types of NAT in all directions but I can't even get 
> Static NAT
> to work with just 2 interfaces.)  I am attempting in install 
> on NT as an
> interim measure.
> 
> Can anyone suggest a configuration of Linux that FW-1 works with?
> 
> Mike
> 
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On 
> Behalf Of Kai
> > Kretschmann
> > Sent: Thursday, February 15, 2001 00:26
> > To: [email protected]
> > Subject: [FW1] single static IP for NAT
> >
> >
> >
> > Once more and more detailed question:
> > I reduced my rules to the bare nedded once. I have a rule for
> > incoming http
> > which I permit to a internal host which has a private IP.
> >
> > It is static NATed to the firewalls external interface. I 
> can see the
> > accepted packets in the log and they even get translated 
> from the old
> > destination (the firewall) to the new one (the internal 
> host). I can see
> > via snoop on the external i/f the incoming request but I don't
> > see anything
> > going out of the firewall again via snoop on the internal device.
> >
> > Is there anything I missed with routing, arp etc? I don't 
> think it should
> > be needed, as the two interfaces on the firewall are well known
> > to solaris,
> > the servers can be pinged happily.
> >
> > I really need a detailed example of a working very simple net,
> > one real IP,
> > a private local net and one service (http) allowed to come in.
> > Please, :-)
> >
> >
> > --
> > "The software said it requires Windows 95 or better, so I 
> installed Linux"
> >
> > M.I.T newmedia              Tel. 06172-7100-139
> > Am Zollstock 1              FAX  06172-7100-10
> > D- 61381 Friedrichsdorf
> >
> >
> >
> > ==================================================================
> > ==============
> >      To unsubscribe from this mailing list, please see the 
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > ==============
> 
> 
> 
> ==============================================================
> ==============
> ====
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==============
> ====
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- [FW1] Packet Liftime for IKE from CP
  - From: "Martin WF Hui" <[email protected]>
- RE: [FW1] single static IP for NAT
  - From: "Michael Wozniak" <[email protected]>

References:
- RE: [FW1] single static IP for NAT
  - From: Dan Guinn <[email protected]>

Prev by Date: RE: [FW1] Nokia vs. NT
Next by Date: [FW1] fw-1 ver. 4.0 -> 4.1 sp3 upgrade
Previous by thread: RE: [FW1] single static IP for NAT
Next by thread: [FW1] Packet Liftime for IKE from CP
Index(es):
- Date
- Thread