[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Strange FW behaviour with Proxy
Michael, By more general, do you mean something like haveing a network (internal) Hide NAT'd to the fw's external leg, where the internal proxy is using an iddress from that network ? If so, I do have such. Would moving the NAT rule of the internal proxy above this "general" NAT rule do the trick ? Very strange this. Thanks, Mike > -----Original Message----- > From: Meacle, Michael A [SMTP:[email protected]] > Sent: â àôøéì 10 2001 9:33 > To: 'Mike Glassman - Admin'; 'fw-1 listserv' > Subject: RE: [FW1] Strange FW behaviour with Proxy > > Mike, > > In your fw gui , have a look on the "Address Translation" tab. > > When a packet is to be NAT'd these rules are searched from the top until > one > matches. > > As a suggestion verify that you don't have a more general translation that > matches the external interface of your firewall higher up than your > translation for the proxy server. > > Be careful depending on how you setup NAT'g there maybe 1 or 2 NAT rules. > > catcha, > Mick Meacle, > > > -----Original Message----- > > From: Mike Glassman - Admin [SMTP:[email protected]] > > Sent: Monday, April 09, 2001 7:25 PM > > To: 'fw-1 listserv' > > Cc: Mike Glassman - Admin > > Subject: [FW1] Strange FW behaviour with Proxy > > > > > > All, > > > > We have an internal Proxy server which has been static NAT'd to a legal > > external address to allow it to access the Internet, and for logging > > purposes. > > > > In the FW rulebase, the rules define what the Proxy may do and so on. So > > the > > rules would be for eg.... > > > > Proxy Any HTTP Log > > Proxy Any FTP Log > > > > And so on. > > > > When I look at the FW log's, I see the Proxy server as it should be (The > > internal address). > > > > When on the other hand I look at the logs generated beyond my FW, and > > before > > my Router, using a shaping/logging tool we have, I see that the Proxy is > > going out on the FW's legal Internet address and not as the NAT'd > address > > I > > gave it. > > > > So, if I NAT'd the Proxy to 192.178.116.72 (for eg), I should see that > > address, instead I see 192.178.116.1 (for eg) which is the FW's external > > leg. (Those addresses are not the actuall ones for obvious reasons). > > > > I know for a fact that this is happening, but I can't for the life of me > > figure out why. > > > > Anyone ? > > > > Mike Glassman > > System & Security Admin > > Israeli Airports Authority > > Ben-Gurion Airport > > http://www.ben-gurion-airport.co.il > > > > Tel : 972-3-9710785 > > Fax : 972-3-9710939 > > Email : [email protected] > > > > Usage of this email address or any email address at iaa.gov.il for the > > purpose of sales pitches, SPAM or any other such unwanted garbage, is > > illegal, and any person, whether corporate or alone doing so, will be > > prosecuted to the fullest possible extent. > > > > > > > > > > > > > > > ========================================================================== > > ====== > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|