
RE: [FW1] NAT on several ports



Hi

If you have your firewall connected to both networks: internet and the
network where you have your hosts A, B, C, is it necessary to add static
routes?  I don't think so, unless you have your hosts connected in another
network.  Maybe you only need to add an ARP entry to associate your public
IP address with the physical address of the external interface of your fw.

Regards.

-----Original Message-----
From: Mario Kadastik [mailto:[email protected]]
Sent: Tuesday, March 13, 2001 02:26 p.m.
To: Ricardo Mirez Ballesteros; António Cardoso; [email protected]
Subject: Re: [FW1] NAT on several ports


Hello All

I just wanted to say a few words too as I have tested it just a bit and
didn't get it either ...

As I understand it, the main problem for Antonio is not the policy editor,
but how to do the static routes in the OS. If he routes the public IP to
IP A, how can the other packets that are translated to other IPs be routed?

I mean: I can't do this:
(in Solaris)

# route add -host public_ip internal_ip_A
# route add -host public_ip internal_ip_B

or what ?

Now let's assume I have static NAT that translates packets for public_ip on
port 80 to internal_ip_A port 80 and translates public_ip on port 443 to
internal_ip_B port 443 ...

* Now when the packets for port 80 reach the FW, they'll match the NAT rules
  and be translated. Now they're passed on to the operating system, which
  routes them to internal_ip_A (that's what we wanted).

* Now when the packets for port 443 reach the FW, they'll match the NAT
  rules and be translated. Now they're passed on to the operating system,
  which routes them to internal_ip_A (that's not what we wanted).

How to clear up that paradox ???

Mario Kadastik
CCSE
Estonian Telecommunications Co Ltd

----- Original Message -----
From: Ricardo Mirez Ballesteros <[email protected]>
To: António Cardoso <[email protected]>; <[email protected]>
Sent: Tuesday, March 13, 2001 8:02 PM
Subject: RE: [FW1] NAT on several ports


>
> Hi there
>
> you only have to define static NAT in your policy editor, something like
> this:
>
> Original Packet:
> Source: Any
> Destination: Valid IP
> Service: http
>
> Translated Packet:
> Source: Orig
> Destination: IP B
> Service: Orig
>
> and so on.
>
> Regards
>
> -----Original Message-----
> From: António Cardoso [mailto:[email protected]]
> Sent: Tuesday, March 13, 2001 12:24 p.m.
> To: [email protected]
> Subject: RE: [FW1] NAT on several ports
>
>
>
>
> The public IP is the same and I think that I need to do a static rule and
> a route to that server,
> e.g.
>
> route add PublicIP mask 255.255.255.255 privateIP
>
> right ???
> So how do I put the second one?
>
> -----Original Message-----
> From: Dan Guinn [mailto:[email protected]]
> Sent: Tuesday, March 13, 2001 5:13 PM
> To: 'António Cardoso'; [email protected]
> Subject: RE: [FW1] NAT on several ports
>
>
> sounds like you just need to add all the services you want to NAT into
> different NAT rules...
>
> e.g.
>    Source      Destination  Service  XlatedSource  XlatedDest  XlatedService
> 1) Any         ExternalIP   http     Any           InternalIP  http
> 2) InternalIP  Any          http     ExternalIP    Any         http
>
> Dan Guinn
> NetStar Communications
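
Added example (not part of the original thread, and not Check Point code): a small Python model of the paradox Mario describes. It shows that a host route keyed on the public IP cannot split traffic by port, while routing on the already-translated address needs no host route when hosts A and B are directly connected. The addresses and both processing orders are assumptions for illustration; the thread does not state which order the firewall uses.

```python
import ipaddress

# Constructed sample addresses; the thread only uses placeholder names.
PUBLIC_IP, HOST_A, HOST_B = "203.0.113.10", "10.0.0.11", "10.0.0.12"

# Port-based static destination NAT, as in the rules discussed in the thread.
NAT_RULES = {(PUBLIC_IP, 80): HOST_A, (PUBLIC_IP, 443): HOST_B}

# Routing tables: (prefix, gateway); gateway None means directly connected.
INTERNAL_NET = (ipaddress.ip_network("10.0.0.0/24"), None)
WITH_HOST_ROUTE = [(ipaddress.ip_network(PUBLIC_IP + "/32"), HOST_A), INTERNAL_NET]
CONNECTED_ONLY = [INTERNAL_NET]


def translate(dst, port):
    """Destination NAT keyed on (address, port); no match leaves dst unchanged."""
    return NAT_RULES.get((dst, port), dst)


def next_hop(dst, table):
    """Longest-prefix match on the address alone; the port is never consulted."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, gw) for net, gw in table if addr in net]
    if not hits:
        return None  # no route: the packet would be dropped
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw if gw is not None else dst  # on-link: deliver to dst itself


def route_then_nat(dst, port, table):
    """Ordering 1 (assumed): route on the public address, translate afterwards."""
    hop = next_hop(dst, table)
    return translate(dst, port), hop


def nat_then_route(dst, port, table):
    """Ordering 2 (assumed): translate first, route on the translated address."""
    new_dst = translate(dst, port)
    return new_dst, next_hop(new_dst, table)


def misdelivered(pipeline, table, ports=(80, 443)):
    """Ports whose packets are handed to a host other than the NAT target."""
    return [p for p in ports if len(set(pipeline(PUBLIC_IP, p, table))) != 1]


if __name__ == "__main__":
    print(misdelivered(route_then_nat, WITH_HOST_ROUTE))  # [443]
    print(misdelivered(nat_then_route, CONNECTED_ONLY))   # []
```

In the first ordering the single host route sends every port to host A, and dropping that route leaves the public address with no route at all; in the second ordering the connected-network route is enough for both hosts.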


