RE: [FW1] cannot connect to public address

[Lim Fung Han <fhlim@FW1-NOSPAMncs.com.sg>]

Hi,

1. Anti-spoofing may be droping the ping packets 

 

2. no rules for ping packets to go back to your internal clients

 

3.  internal network also need NAT .... may need to use hide mode since u have quite a number of clients ...

 

best regards

Fung Han

-----Original Message-----
From: Tony Wong [mailto:twong@SolutionCentral.com]
Sent: Thursday, March 01, 2001 3:56 AM
To: fw-1-mailinglist-digest@lists.us.checkpoint.com
Subject: [FW1] cannot connect to public address

We recently moved to usiing NAT on our firewall:

 

Private range: 192.168.0.0 -- 192.168.0.1- 192.168.0.100 for servers switches etc

 

DHCP: 192.168.0.101 - 254 DHCP clients

 

We have internal web servers and mail server with FQDNs that outside can access no problems by its static NAT public address.

 

Problem is internal client cannot connect to these public (statically natted) ip addresses within the local network.

 

They can connect to it with the private address.

 

The only fix I have so far is by putting host files in their machines so that the web and mail servers gets resolved to the private ip address. Also using internal DNS.

 

Question is why are these internal clients not being able to access the public ip address of the web server. I cannot ping this web server by its public ip address.

 

I can ping the firewall both internal and public ip address. 

 

 

Yes the web server's statically nated address is in the same subnet as the firewall's external ip. 

 

 

Thanks