
Re: [FW1] static NAT problem on 4.1 SP 2 (linux)




Hi Todd,
To answer your question, I would say that this internal Web server should be
accessed only with ONE URL (http://web_server.MyDomain.com),
where web_server.MyDomain.com ---> 212.x.x.21 (on my only DNS server, which
resides on the DMZ).
Is there any way to achieve this?
Thanks.
-- 
John Hardly
E-mail : john (at) iav (dot) ac (dot) ma


"Stafford, Todd" wrote:
> 
> Sounds like you're getting caught in a routing loop.  I guess my question
> would be why are you wanting to connect via the translated address instead
> of your internal address if both machines are on the same side of the
> firewall.
> 
> Hope this helps,
> Noel T. Stafford
> CCSA, CCSE, CCFE
> Network Engineer
> IT - Data Communications Group
> Western Wireless Corporation
> [email protected]
> 
> -----Original Message-----
> From: John Hardly [mailto:[email protected]]
> Sent: Wednesday, May 02, 2001 6:07 AM
> To: fw checkpoint list
> Subject: [FW1] static NAT problem on 4.1 SP 2 (linux)
> 
> Hi,
> I want to set up a static NAT (which translates to 212.x.x.21) on my internal
> Web_server (192.168.1.1).
> I did everything: set up the static NAT on the Web_server, arp, adding the
> route (route add -host 212.x.x.21 gw 192.168.1.1).
> The Web_server is accessed without problem from the DMZ and outside my
> company.
> But I CANNOT access it from localnet using http://212.x.x.21/
> (only http://192.168.1.1 that works).
> From any machine on the localnet, the ping and traceroute to 212.x.x.21 work
> fine, but any other TCP service doesn't.
> Could anyone help me to solve this problem?
> 
> I have 3 interfaces on my fw:
>     172.16.0.1 ----> to router
>     192.168.255.254----> localnet (192.168.0.0/16)
>     212.x.x.17  -------> DMZ (212.x.x.0/24)
> 
>                                   |------------------
>                                   |router 172.16.0.2|
>                                   |-----------------
>                                   |
>                                   |
>                                   |172.16.0.1
>                                   |fw.router.if
>                                   |
>  ___LOCAL-NET=192.168.0.0/16______|___DMZ-NET=212.x.x.0/24___
>  [192.168.1.1]---[192.168.255.254 | 212.x.x.17]-------[212.x.x.21]
>   int.host            fw.int.if   |  fw.DMZ.if          DMZ.host
> 
> Network 192.168.0.0/16  Mask 255.255.0.0 NAT (hide mode) translates to
> 212.x.x.17
> Web_server(192.168.1.1)  NAT  (static mode)  translates  to  212.x.x.21
> 
> --
> John Hardly
> E-mail : john (at) iav (dot) ac (dot) ma

