[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Web server in DMZ
Title: RE: [FW1] Web server in DMZ
George:
You are right. The preferred way is to assign a public IP address for the DMZ server and assign the rule accordingly. However, if you want to do NAT, you are still able to do it although you will be required to set up static routes on both the router and the firewall itself. The procedure for doing NAT is a little more involved and not the proper way to do it.
Thuan
-----Original Message-----
From: Juppunov, George [mailto:[email protected]]
Sent: Tuesday, June 05, 2001 8:52 AM
To: [email protected]
Subject: RE: [FW1] Web server in DMZ
When you have incoming connections you cannot NAT in mode hide behind the IP
address of the firewall,
because the packet will land on the firewall itself, which will then drop
it. Assign static NAT mapping
or better yet, assign public address space fro your DMZ. Why would you want
to do static NATs for your
servers on the DMZ, when you can just give them the valid IP addresses in
the first place?
George
-----Original Message-----
From: Ivan More [mailto:[email protected]]
Sent: Tuesday, June 05, 2001 3:00 AM
To: [email protected]
Cc: [email protected]
Subject: [FW1] Web server in DMZ
Hi,
We are trying to setup a web server in the DMZ for
public access. But we are not successful.
Internet
********
|
|
|
|
|
-----------
| |
| | ----- DMZ
| FW |-----------| | web server
| | ----- internal IP 10.1.1.100
| | external IP
------------
|
|
******
Office
In our rule base we have
source destination service
Any Web server http
NAT to
external IP
We did not see any traffic connecting to this web
server even when we try to connect to it (not using
VPN). What did I missed out?
Any help will be appreciated. Thanks.
Cheers,
Ivan
_______________________________________________________
Do You Yahoo!?
Get your free @yahoo.ca address at http://mail.yahoo.ca
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
_____________________________________________________________________
IMPORTANT NOTICES:
This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.
Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.
BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================