[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Again NAT problem
You will have to setup routing and arp's if doing static nat'ing. Example: web srvr (10.10.10.10) | | (10.10.10.9) Internet - rtr - (1.1.1.1)firewall(2.2.2.2)----internal net. (1.1.1.2) 1.1.1.1 is the firewalls external NIC address. 10.10.10.9 is the firewalls DMZ NIC address. 2.2.2.2 is the firewalls internal NIC address. 1.1.1.2 is the address that you want to access the webserver via. 1.1.1.2 will need to arp'd and published. You will need a route that says 1.1.1.2 -> 10.10.10.10 Of course, your rule base will have to be setup to allow access to the 1.1.1.2 address via whatever port you need and then you'll need the static NAT rules (2, one in and one back) to NAT the traffic. This is all assuming that your webserver sits on a network that is non-routable from the internet (not necessarily a private network, just one that has no published route in the Internet space). If your webserver didn't sit in a DMZ but instead sat on an inside network that was directly connected to the firewall, the route would be similar to the one above. However, if it sit's on an internal network that was NOT on the same immediate network as your firewall your route for 1.1.1.2 would point to your internal ROUTER instead of directly to your webserver address. Kevin Martin Bank of America -----Original Message----- From: Bilgehan turan [mailto:[email protected]] Sent: Tuesday, June 19, 2001 5:44 AM To: Fw-1-Mailinglist (E-mail) Subject: [FW1] Again NAT problem Hi Do I have to play with routing tables when I want to make a NAT. I make a automatic NAT translating in a workstation object , and having trouble with it for 3 days and I am new for checkpoint. Creating workstation object with NAT is enough for a successfull NAT Thanks in advance Bilgehan TURAN System and Network Administrator Ph :Mob :============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|