RE: [FW1] NAT on several ports
Hi,

If you have your firewall connected to both networks: internet and the network where you have your hosts A, B, C, is it necessary to add static routes? I don't think so, unless you have your hosts connected in another network. Maybe you only need to add an ARP entry to associate your public IP address with the physical address of the external interface of your fw.

Regards.

-----Original Message-----
From: Mario Kadastik [mailto:[email protected]]
Sent: Tuesday, March 13, 2001 02:26 p.m.
To: Ricardo Mirez Ballesteros; António Cardoso; [email protected]
Subject: Re: [FW1] NAT on several ports

Hello All

I just wanted to say a few words too as I have tested it just a bit and didn't get it either ...

As I can understand the main problem for Antonio is not the policy editor, but how to do the static routes in OS. If he routes the public IP to IP A, how can the other packets that are translated to other IP-s be routed ?

I mean: I can't do this: (in Solaris)

    # route add -host public_ip internal_ip_A
    # route add -host public_ip internal_ip_B

or what ?

Now let's assume I have static NAT that translates packets for public_ip on port 80 to internal_ip_A port 80 and translates public_ip on port 443 to internal_ip_B port 443 ...

* Now when the packets for port 80 reach FW, they'll match the NAT rules and be translated. Now they are passed on to the operating system, which routes them to internal_ip_A (that's what we wanted).
* Now when the packets for port 443 reach FW, they'll match the NAT rules and be translated. Now they are passed on to the operating system, which routes them to internal_ip_A (that's not what we wanted).

How to clear up that paradox ???
Mario Kadastik
CCSE
Estonian Telecommunications Co Ltd

----- Original Message -----
From: Ricardo Mirez Ballesteros <[email protected]>
To: António Cardoso <[email protected]>; <[email protected]>
Sent: Tuesday, March 13, 2001 8:02 PM
Subject: RE: [FW1] NAT on several ports

> Hi there
>
> you only have to define static NAT in your policy editor, something like
> this:
>
> Original Packet:
>   Source: Any
>   Destination: Valid IP
>   Service: http
>
> Translated Packet:
>   Source: Orig
>   Destination: IP B
>   Service: Orig
>
> and so on.
>
> Regards
>
> -----Original Message-----
> From: António Cardoso [mailto:[email protected]]
> Sent: Tuesday, March 13, 2001 12:24 p.m.
> To: [email protected]
> Subject: RE: [FW1] NAT on several ports
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> the Public IP is the same and I think that I need to do a static rule and a
> route to that server
> eg
>
>     route add PublicIP mask 255.255.255.255 privateIP
>
> right ???
> so how do I put the second one ?
>
> - -----Original Message-----
> From: Dan Guinn [mailto:[email protected]]
> Sent: Tuesday, March 13, 2001 5:13 PM
> To: 'António Cardoso'; [email protected]
> Subject: RE: [FW1] NAT on several ports
>
> sounds like you just need to add all the services you want to NAT into
> different NAT rules...
>
> e.g.
>     Source      Destination  Service  XlatedSource  XlatedDest  XlatedService
> 1)  Any         ExternalIP   http     Any           InternalIP  http
> 2)  InternalIP  Any          http     ExternalIP    Any         http
>
> Dan Guinn
> NetStar Communications