[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] NAT problems
Title: RE: [FW1] NAT problems
also
make sure you have updated your routing tables on the firewall to reflect the
NAT.
Steve, you may possibly need to add a proxy ARP entry.
BTW, what platform are you using?
Jarrett
-----Original Message----- From: Steve
Meeters [mailto:[email protected]]
Sent: Monday, March 12, 2001 21:36 To: [email protected] Subject: [FW1] NAT problems
We are migrating from a managed firewall service to our own CP
firewall and I have one connection that I'm having
trouble making work with the CP.
We have a web site at an external hosting service. Customers
can fill out a form and submit the information to a
web server located behind our firewall. The internal
web server uses a private IP address. The hosted web site is set up to send the submitted information to port 81 on the
external interface of the firewall. The firewall then
forwards the information to port 80 of the internal
web server.
I've set up the following rule:
Source = IP address of the hosted web site Destination = IP address of the external interface of the
firewall Service = Port 81 Action = ""> Log = Long
I've also set up the following static NAT:
Original Packet Source = IP address of
the hosted web site Destination = IP address of the
external interface of the firewall Service = Port
81
Translated Packet Source = IP address
of the hosted web site Destination = IP address
(private) of the internal web server Service = Port
80
The firewall logs show the information is being received and
accepted on the external interface and the translation
is being performed, however nothing shows up at the
internal web server.
Any suggestions?
Thanks, Steve
_______________________________________________________
Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/
================================================================================
To unsubscribe from this mailing
list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
**********************************************************************
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone. In such case,
you should destroy this message and kindly notify the sender by
reply email. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
conclusions and other information in this message that do not relate
to the official business of Marrakech and shall be understood as
neither given nor endorsed by it.
**********************************************************************
|