[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Web server in DMZ
Ivan, The NT arp command is not working as expected (like unix arp command. On NT the arp entry will not be broadcasted and will be held internally for a few minutes.). For this reason Checkpoint have made a workaround for NT4 with putting the arp entries in a file called local.arp. Lars -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Ivan More Sent: Wednesday, June 06, 2001 09:20 To: Stevens, George (Aerostructures) Cc: [email protected] Subject: RE: [FW1] Web server in DMZ Hi, Thanks George for your advise. We are running FW-1 ver 4.0 on NT4. We have setup the route table to route traffic for the web server internal IP to the DMZ interface card. We have also set arp on our external interface card for the external IP of the web server by using a bat file at startup. Anyone can enlighten me if this is the proper way of setting up the arp on NT4? Cheers, Ivan --- "Stevens, George (Aerostructures)" <[email protected]> wrote: > Better definition of your rule would be > > "not office" "external addr" "http" "allow" > "office" "internal addr" "http/ftp?" "allow" > > rules with the static NAT ... AND you will also need > proper > routing ... you didn't mention what operating system > > you're using, assuming Solaris ... > > assuming fw interface addr - 10.1.1.1 > route add net 10.1.1.0 10.1.1.1 1 > route add host "external NAT addr" "internal host > addr" 1 > AND don't forget to add an "arp" on the external > interface! > > arp -s "external addr" "MAC addr" pub > > you'll have to check with others for the other > operating > systems. > Good luck, > Geo > > > -----Original Message----- > > From: Ivan More [mailto:[email protected]] > > Sent: Tuesday, June 05, 2001 3:00 AM > > To: [email protected] > > Cc: [email protected] > > Subject: [FW1] Web server in DMZ > > > > > > > > Hi, > > > > We are trying to setup a web server in the DMZ for > > public access. But we are not successful. > > > > Internet > > ******** > > | > > | > > | > > | > > | > > ----------- > > | | > > | | ----- DMZ > > | FW |-----------| | web server > > | | ----- internal IP > 10.1.1.100 > > | | external IP > > ------------ > > | > > | > > ****** > > Office > > > > > > In our rule base we have > > > > source destination service > > Any Web server http > > NAT to > > external IP > > > > We did not see any traffic connecting to this web > > server even when we try to connect to it (not > using > > VPN). What did I missed out? > > > > > > Any help will be appreciated. Thanks. > > > > > > Cheers, > > Ivan > > > > > _______________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.ca address at > http://mail.yahoo.ca > > > > > > > ============================================================== > > ================== > > To unsubscribe from this mailing list, please > see the > > instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ============================================================== > > ================== > > _______________________________________________________ Do You Yahoo!? Get your free @yahoo.ca address at http://mail.yahoo.ca ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|