
[FW1] Solution for Problem incoming connections over windows 2000



Some days ago I wrote this mail:
 
Hello:
 
    I've got the following problem:
 
I have installed my FW-1 with the following configuration: a valid IP address for the external card of FW-1 (for example 10.0.0.1), and two internal non-valid addresses, e.g. 192.168.10.254 for my localnet and 192.168.1.254 for my DMZ.
On my localnet I have used hidden NAT and the result is successful. On my DMZ I've configured Static NAT using a real Internet address, and I have also added a static route on my FW-1 server: route add -p 10.0.0.25 192.168.1.1. Then, if I delete all the security rules of FW-1, I can go out from my firewalled machine through the FW-1, and using a sniffer I can see that the packets are translated, but if I try to access my firewalled machine using its real Internet address, my FW-1 ignores the packets.
 
In summary, my outgoing connections are OK, but the incoming connections are lost.
The problem is not in the security rules because I've put: all all all accept.
I have also put a file called local.arp with the IP of my firewalled machine and my FW-1 external address and the MAC address of my external firewall card in %systemroot%\fw1\4.1\state\ and it does not seem to work. I'm using FW-1 4.1 SP3 on Win2000 Server.
 
Thanks for all
 
Best Regards Javier
 
And now I've got the solution.
 
On Windows 2000 (thanks Juan Concepcion) the file called local.arp does not seem to work. But there is a tool called fwparp.exe that does that. It can be downloaded from: http://support.checkpoint.com/kb/docs/public/firewall1/4_1/zip/fwparp.zip
 
You only need to run fwparp.exe as: fwparp static_ip external_fw-1_ip
Below is a short summary (thanks Dave Grabowski) that explains what I did to get it working correctly.
 
How to configure Static NAT on Windows 2000
 
Fact: FireWall-1 4.1 SP2
Fact: Windows 2000
Fact: Static NAT
Fact: fwparp.exe
Fact: ARP
Fact: Routing and Remote Access
Fact: IP Forwarding
 
Fix: Please follow this set of actions:
1) Disable the "Routing and Remote Access" service (to access this service please go to: Start -> Programs -> Administrative Tools -> Routing and Remote Access -> right click the server and press Disable)
2) Reboot the machine
3) Open the registry from the command line by running the command "regedit"
4) Go to -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
5) Change the value to "1" in the DWORD key "IPEnableRouter"
6) Restart the machine
7) Now you can run the 'fwparp.exe' utility as follows: 'fwparp static_ip external_fw-1_ip'
8) Add a route to the FireWall-1 routing table as follows: 'route add -p static_ip invalid_ip'
9) Start the FireWall-1 machine (fwstart)
10) Install the policy (after verifying that you've configured the static NAT on the host)
 
(Note that you have to run the 'fwparp.exe' after every Reboot)
 
 
 
 

Regards: Javier Chordá Navarro
-------------------------------------
Consultoría & Comunicaciones de Navarra
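
One way to confirm, from a Windows host on the external segment, that the proxy ARP entry published with fwparp is actually being answered by the firewall. This is an added example, not part of the original mail or of Check Point's tooling: it parses `arp -a` output (captured after pinging both addresses) and compares the MAC seen for the static NAT address with the MAC of the firewall's external card. The sample outputs and MAC addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed `arp -a` samples. IPs follow the post's examples
# (10.0.0.1 = FW-1 external card, 10.0.0.25 = static NAT address);
# the MAC addresses are made up.
HEADER = ("Interface: 10.0.0.2 on Interface 0x1000003\n"
          "  Internet Address      Physical Address      Type\n")
FW_LINE = "  10.0.0.1              00-a0-c9-11-22-33     dynamic\n"
SAMPLE_OK = HEADER + FW_LINE + "  10.0.0.25             00-A0-C9-11-22-33     dynamic\n"
SAMPLE_MISSING = HEADER + FW_LINE
SAMPLE_CONFLICT = HEADER + FW_LINE + "  10.0.0.25             00-50-04-aa-bb-cc     dynamic\n"

# One ARP cache row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` text; header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_proxy_arp(arp_output, nat_ip, fw_external_ip):
    """Classify the neighbour's view of the static NAT address."""
    table = parse_arp_table(arp_output)
    fw_mac = table.get(fw_external_ip)
    nat_mac = table.get(nat_ip)
    if fw_mac is None:
        return "unknown"    # firewall itself not resolved; ping it first
    if nat_mac is None:
        return "missing"    # nobody answers ARP for the NAT address
    if nat_mac != fw_mac:
        return "conflict"   # some other host is answering for it
    return "ok"             # firewall answers ARP for the NAT address

if __name__ == "__main__":
    samples = [("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING),
               ("conflict", SAMPLE_CONFLICT)]
    for name, sample in samples:
        print(name, "->", check_proxy_arp(sample, "10.0.0.25", "10.0.0.1"))
```

A "missing" result after a reboot is what you would expect if fwparp has not been run again, per the note in the mail above.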
 


 
   All contents © 2004 Network Presence, LLC. All rights reserved.