NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Static NAT




Ben,

On Sat, 24 Feb 2001, Ben Cuthbert wrote:

> Having some problems with static NAT, 
> 
> I have un-registered ip address on my Local-NET
> ie 192.168.0.0
> 
> my firewall has and internal interface of 192.168.0.1
> and my windows host on the local-NET has and ip address of 192.168.0.2
> 
> the firewalls ext interface is 10.10.10.1 
> and the host that my LOCAL-NET is trying to contact is 10.10.10.2
...
> the address the windows host is hiding behind is 192.168.254.150

First, if the windows machine is 192.168.0.2 and it is trying to contact
10.10.10.2 ... who/what/huh is hiding behind 192.168.254.150 ??

Second, can the machines in question ping each other (make sure ICMP is
permitted in a rule or policy->properties)

Third, you said you snooped the internal interface, have you snooped the
external interface?  What do you see when you do?

from your question, it appears that your network looks like this, is this
correct?

 _____INT-NET=192.168.0.0/24__|___EXT-NET=10.10.10.0/24___
 [192.168.0.2]---[192.168.0.1 | 10.10.10.1]---[10.10.10.2]
  int.host        fw.int.if   | fw.ext.if      ext.host

forgive the "drawing" ascii has never been my medium, but I can't email
you the side of a bus ;-)

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--gill  | Tatu Ylonen, SSH 1.2.12 README:  "Beware that the most effective
        | way for someone to decrypt your data may be with a rubber hose."



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.