RE: [FW1] Web server in DMZ
Ivan,

I would presume that you only have one external IP address and that what you are trying to configure is a "dynamic" address translation - hiding invalid internal address/es behind this single external IP address... with this type of translation, the invalid address/es can initiate a connection going out to the internet but no way can a PC in the internet access your internal PC/s.

Dean

George:

You are right. The preferred way is to assign a public IP address for the DMZ server and assign the rule accordingly. However, if you want to do NAT, you are still able to do it although you will be required to set up static routes on both the router and the firewall itself. The procedure for doing NAT is a little more involved and not the proper way to do it.

Thuan

-----Original Message-----
From: Juppunov, George [mailto:[email protected]]
Sent: Tuesday, June 05, 2001 8:52 AM
To: [email protected]
Subject: RE: [FW1] Web server in DMZ

When you have incoming connections you cannot NAT in mode hide behind the IP address of the firewall, because the packet will land on the firewall itself, which will then drop it. Assign static NAT mapping or better yet, assign public address space for your DMZ. Why would you want to do static NATs for your servers on the DMZ, when you can just give them the valid IP addresses in the first place?

George

-----Original Message-----
From: Ivan More [mailto:[email protected]]
Sent: Tuesday, June 05, 2001 3:00 AM
To: [email protected]
Cc: [email protected]
Subject: [FW1] Web server in DMZ

Hi,

We are trying to set up a web server in the DMZ for public access. But we are not successful.

     Internet
     ********
         |
         |
    -----------
    |         |
    |         |           -----  DMZ
    |   FW    |-----------|   |  web server
    |         |           -----  internal IP 10.1.1.100
    |         |                  external IP
    -----------
         |
         |
      ******
      Office

In our rule base we have

    source    destination    service
    Any       Web server     http

    NAT to external IP

We did not see any traffic connecting to this web server even when we try to connect to it (not using VPN).

What did I miss out? Any help will be appreciated. Thanks.

Cheers,
Ivan

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
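
The behaviour Dean and George describe in the thread above, as an added example (not part of the original messages and not FireWall-1 code): a small Python model of a gateway that does hide NAT and static NAT. The Gateway class, the 203.0.113.x and 198.51.100.x addresses, the office address and the port numbers are constructed for illustration; only 10.1.1.100 comes from the original post.

```python
# Constructed model of the two NAT modes discussed in the thread.
FW_EXT = "203.0.113.1"       # firewall's own external address (assumed)
WEB_PUBLIC = "203.0.113.10"  # public address statically mapped to the server (assumed)
WEB_DMZ = "10.1.1.100"       # DMZ web server address from the original post
CLIENT = "198.51.100.7"      # some host on the Internet (assumed)


class Gateway:
    def __init__(self, hide_behind, static=None):
        self.hide_behind = hide_behind      # address used for hide (dynamic) NAT
        self.static = dict(static or {})    # public IP -> internal IP, fixed 1:1
        self.conns = {}                     # state created by outbound connections
        self.next_port = 10000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a connection leaving the protected networks."""
        for public, internal in self.static.items():
            if internal == src_ip:          # static NAT applies in both directions
                return (public, src_port, dst_ip, dst_port)
        ext_port = self.next_port           # hide NAT: pick a port, remember who asked
        self.next_port += 1
        self.conns[(ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.hide_behind, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return (internal_ip, internal_port), or None when the packet is dropped."""
        if dst_ip in self.static:           # fixed mapping: new connections get through
            return (self.static[dst_ip], dst_port)
        if dst_ip == self.hide_behind:      # only replies to inside-initiated flows match
            return self.conns.get((dst_port, src_ip, src_port))
        return None


def demo():
    hide_only = Gateway(FW_EXT)
    with_static = Gateway(FW_EXT, static={WEB_PUBLIC: WEB_DMZ})
    # An office PC (assumed 10.2.2.5) browses out through hide NAT.
    out = hide_only.outbound("10.2.2.5", 3333, CLIENT, 80)
    return {
        "office_out": out,
        "reply_in": hide_only.inbound(CLIENT, 80, FW_EXT, out[1]),
        "hide_new_http": hide_only.inbound(CLIENT, 40000, FW_EXT, 80),
        "static_new_http": with_static.inbound(CLIENT, 40000, WEB_PUBLIC, 80),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```
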