Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Again NAT problem

To: [email protected], [email protected]
Subject: RE: [FW1] Again NAT problem
From: "Martin, Kevin T" <[email protected]>
Date: Wed, 20 Jun 2001 08:42:48 -0500
Sender: [email protected]

You will have to setup routing and arp's if doing static nat'ing.

Example:

                                      web srvr (10.10.10.10)
                                               |
                                               |
                                       (10.10.10.9)
           Internet - rtr - (1.1.1.1)firewall(2.2.2.2)----internal net.
                               (1.1.1.2)

1.1.1.1 is the firewalls external NIC address.
10.10.10.9 is the firewalls DMZ NIC address.
2.2.2.2 is the firewalls internal NIC address.
1.1.1.2 is the address that you want to access the webserver via.
1.1.1.2 will need to arp'd and published.
You will need a route that says
1.1.1.2 -> 10.10.10.10


Of course, your rule base will have to be setup to allow access to the
1.1.1.2 address via whatever port you need and then you'll need the static
NAT rules (2, one in and one back) to NAT the traffic.  This is all assuming
that your webserver sits on a network that is non-routable from the internet
(not necessarily a private network, just one that has no published route in
the Internet space).

If your webserver didn't sit in a DMZ but instead sat on an inside network
that was directly connected to the firewall, the route would be similar to
the one above.  However, if it sit's on an internal network that was NOT on
the same immediate network as your firewall your route for 1.1.1.2 would
point to your internal ROUTER instead of directly to your webserver address.

Kevin Martin
Bank of America

-----Original Message-----
From: Bilgehan turan [mailto:[email protected]]
Sent: Tuesday, June 19, 2001 5:44 AM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] Again NAT problem



Hi
Do I have to play with routing tables when I want to make a NAT.
I make a automatic NAT translating in a workstation object , and having
trouble with it for 3 days
and I am new for checkpoint.
Creating workstation object with NAT is enough for a successfull NAT

Thanks in advance
Bilgehan TURAN
System and Network Administrator
Ph    :Mob :============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Pb with SecuRemote
Next by Date: [FW1] SecuRemote sending email relay problem
Previous by thread: Re: [FW1] Again NAT problem
Next by thread: [FW1] FW and management console design opinions
Index(es):
- Date
- Thread