Re: [FW1] static NAT problem on 4.1 SP 2 (linux)
Hi Todd,
To answer your question, I would say that this internal Web server should be
accessed only with ONE URL (http://web_server.MyDomain.com),
where web_server.MyDomain.com ---> 212.x.x.21 (on my unique DNS server, which
resides on the DMZ).
Is there any way to achieve this?
Thanks.
--
John Hardly
E-mail : john (at) iav (dot) ac (dot) ma
"Stafford, Todd" wrote:
>
> Sounds like you're getting caught in a routing loop. I guess my question
> would be why are you wanting to connect via the translated address instead
> of your internal address if both machines are on the same side of the
> firewall.
>
> Hope this helps,
> Noel T. Stafford
> CCSA, CCSE, CCFE
> Network Engineer
> IT - Data Communications Group
> Western Wireless Corporation
> [email protected]
>
> -----Original Message-----
> From: John Hardly [mailto:[email protected]]
> Sent: Wednesday, May 02, 2001 6:07 AM
> To: fw checkpoint list
> Subject: [FW1] static NAT problem on 4.1 SP 2 (linux)
>
> Hi,
> I want to set up a static NAT (which translates to 212.x.x.21) on my
> internal Web_server (192.168.1.1).
> I did everything: set up the static NAT on the Web_server, arp, adding the
> route (route add -host 212.x.x.21 gw 192.168.1.1).
> The Web_server is accessed without problem from the DMZ and outside my
> company.
> But I CANNOT access it from localnet using http://212.x.x.21/
> (only http://192.168.1.1 works).
> From any machine on the localnet, the ping and traceroute to 212.x.x.21 work
> fine, but any other TCP service doesn't.
> Could anyone help me to solve this problem?
>
> I have 3 interfaces on my fw:
> 172.16.0.1 ----> to router
> 192.168.255.254----> localnet (192.168.0.0/16)
> 212.x.x.17 -------> DMZ (212.x.x.0/24)
>
>                         |------------------
>                         |router 172.16.0.2|
>                         |-----------------
>                                  |
>                                  |
>                                  |172.16.0.1
>                                  |fw.router.if
>                                  |
> ___LOCAL-NET=192.168.0.0/16______|___DMZ-NET=212.x.x.0/24___
> [192.168.1.1]---[192.168.255.254 | 212.x.x.17]-------[212.x.x.21]
>   int.host       fw.int.if       | fw.DMZ.if           DMZ.host
>
> Network 192.168.0.0/16 Mask 255.255.0.0 NAT (hide mode) translates to
> 212.x.x.17
> Web_server(192.168.1.1) NAT (static mode) translates to 212.x.x.21
>
> --
> John Hardly
> E-mail : john (at) iav (dot) ac (dot) ma