[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Strange FW behaviour with Proxy
Post me your NAT rules. Also - what platform is it ? Do you have static routes / proxy arps in place ? ----- Original Message ----- From: Mike Glassman - Admin <[email protected]> To: 'fw-1 listserv' <[email protected]> Cc: Mike Glassman - Admin <[email protected]> Sent: 09 April 2001 10:25 Subject: [FW1] Strange FW behaviour with Proxy > > All, > > We have an internal Proxy server which has been static NAT'd to a legal > external address to allow it to access the Internet, and for logging > purposes. > > In the FW rulebase, the rules define what the Proxy may do and so on. So the > rules would be for eg.... > > Proxy Any HTTP Log > Proxy Any FTP Log > > And so on. > > When I look at the FW log's, I see the Proxy server as it should be (The > internal address). > > When on the other hand I look at the logs generated beyond my FW, and before > my Router, using a shaping/logging tool we have, I see that the Proxy is > going out on the FW's legal Internet address and not as the NAT'd address I > gave it. > > So, if I NAT'd the Proxy to 192.178.116.72 (for eg), I should see that > address, instead I see 192.178.116.1 (for eg) which is the FW's external > leg. (Those addresses are not the actuall ones for obvious reasons). > > I know for a fact that this is happening, but I can't for the life of me > figure out why. > > Anyone ? > > Mike Glassman > System & Security Admin > Israeli Airports Authority > Ben-Gurion Airport > http://www.ben-gurion-airport.co.il > > Tel : 972-3-9710785 > Fax : 972-3-9710939 > Email : [email protected] > > Usage of this email address or any email address at iaa.gov.il for the > purpose of sales pitches, SPAM or any other such unwanted garbage, is > illegal, and any person, whether corporate or alone doing so, will be > prosecuted to the fullest possible extent. > > > > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|