RE: [FW1] Dual NAT with FW-1 on NT
Thanks Tim, I was able to make it work yesterday. But now I have another thing which I want to do, NAT in the reverse direction.

From my client(10.0.0.2) I can access the server(192.168.10.23) through server's NAT'd IP(10.0.0.23) on port 2900 fine. At the same time, I want the server(192.168.10.23) to talk back to the client(10.0.0.2) through a NAT'd IP of the client(192.168.0.2) on port 2899. This is the way my application is designed. But it's not working.

One interesting thing I am seeing is that I cannot traceroute to either of the firewall interfaces from the server(192.168.10.23) but I can do it fine from my client(10.0.0.2).

Any ideas how I can make it work?

Thanks,
Sumit

-----Original Message-----
From: Tim Holman [mailto:[email protected]]
Sent: Tuesday, April 17, 2001 10:11 AM
To: Sumit Chopra; [email protected]
Subject: Re: [FW1] Dual NAT with FW-1 on NT

What are you trying to NAT?
Your proxy.arp and routes look wrong.

Let's use an example:

External address of FW - 10.0.0.1
Public address of host - 10.0.0.2
Real (inside) address of host - 192.168.10.23

On the FW, set up local.arp as follows:

10.0.0.2 - MAC address of 10.0.0.1

And a route:

route add -p 10.0.0.2 mask 255.255.255.255 192.168.10.23

This enables STATIC NAT to work properly. Stick with the automatic rules to start with - they're ample for a basic configuration.

Tim

----- Original Message -----
From: Sumit Chopra <[email protected]>
To: <[email protected]>
Sent: 14 April 2001 21:23
Subject: [FW1] Dual NAT with FW-1 on NT

> Hi All,
>
> I am having problems with setting up dual NAT on FW-1(4.1) on NT. My
> network configuration is:
>
> 1. 10.0.0.0 Network(External)
> 2. 192.168.0.0 Network(Internal)
> 3. FW-1 one interface with IP=10.0.0.1
> 4. FW-1 second interface with IP=192.168.1.1
> 5. Host on 10.0.0.0 network with IP=10.0.0.2 with the default GW=10.0.0.1
> 6. Host on 192.168.0.0 network with IP=192.168.10.23 with the default
> GW=192.168.1.1
>
> The GUI runs on the clients on 10.0.0.0 network on port 2899 and needs to
> connect to the server on port 2900. I have tested single NAT and it works
> fine. But dual NAT does not.
>
> My local.arp file on the FW has an entry
>
> 10.0.0.1 <MAC of 10.0.0.1 interface>
>
> I have added the following persistent route on the FW:
>
> 10.0.0.0 255.255.255.255 192.168.1.1 192.168.1.1 1
>
> which implies all clients on 10.0.0.0 network get routed to the 192.168.1.1
> interface of the firewall
>
> I am not very clear how to define the NAT rule. Can someone please tell me
> how to define the rule and if there is something else which needs to be
> done.
>
> Thanks a lot!
>
> -Sumit
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
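
An added example, not part of the thread or of any Check Point tooling: a Python check for the static NAT layout in Tim's reply, where each NAT'd IP needs a local.arp entry carrying the firewall's external MAC and a host route to the real address. The "IP MAC" line layout, the function names, the sample data and the documentation-range MAC are assumptions.

```python
import ipaddress

HOST_MASK = "255.255.255.255"

def parse_local_arp(text):
    """Parse 'IP MAC' lines (assumed layout) into {ip: mac}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            entries[str(ipaddress.ip_address(parts[0]))] = parts[1].lower()
    return entries

def check_static_nat(nat_map, ext_mac, local_arp_text, routes):
    """Return findings for NAT'd IPs lacking a proxy-ARP entry or host route.

    nat_map: {nat_ip: real_ip}; routes: [(dest, mask, gateway), ...]
    """
    arp = parse_local_arp(local_arp_text)
    findings = []
    for nat_ip, real_ip in nat_map.items():
        mac = arp.get(nat_ip)
        if mac is None:
            findings.append(f"{nat_ip}: no local.arp entry")
        elif mac != ext_mac.lower():
            findings.append(f"{nat_ip}: local.arp MAC {mac} is not the external interface")
        # The route must be a /32 for the NAT'd IP pointing at the real host.
        if (nat_ip, HOST_MASK, real_ip) not in routes:
            findings.append(f"{nat_ip}: no host route to {real_ip}")
    return findings

# Constructed sample data; the MAC is a documentation-range placeholder.
EXT_MAC = "00-00-5e-00-53-01"
NAT_MAP = {"10.0.0.2": "192.168.10.23"}

# Layout from the reply: NAT'd IP answered with the firewall's external MAC.
GOOD_ARP = "10.0.0.2 00-00-5E-00-53-01\n"
GOOD_ROUTES = [("10.0.0.2", "255.255.255.255", "192.168.10.23")]

# Layout from the original post: firewall's own IP, route on the network address.
BAD_ARP = "10.0.0.1 00-00-5E-00-53-01\n"
BAD_ROUTES = [("10.0.0.0", "255.255.255.255", "192.168.1.1")]

if __name__ == "__main__":
    print(check_static_nat(NAT_MAP, EXT_MAC, GOOD_ARP, GOOD_ROUTES))
    for finding in check_static_nat(NAT_MAP, EXT_MAC, BAD_ARP, BAD_ROUTES):
        print(finding)
```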