
RE: [FW1] NAT / DMZ / Webservers / Routing?



Check to see if your firewall sends icmp-redirects.  Basically, if
icmp-redirects is on then your firewall sees a packet come from your
webserver to the external address which your firewall realizes nats back to
an address that should be locally routable by the webserver and sends back a
redirect to the webserver w/ the external address redirected.  This can
confuse the webserver.  See if turning off icmp-redirects on your firewall
helps.

Kevin Martin
Bank of America
[email protected]


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, June 21, 2001 12:38 PM
To: [email protected]
Subject: [FW1] NAT / DMZ / Webservers / Routing?




Got a problem that's making me Crazy!!  Not sure if it's behavior by design or
user error.

FW-1 machine with 3 NIC interfaces....

1. external to the internet (external IP)

2. DMZ (192.168.0.x)

3. LAN (192.168.1.x)

Natting the external IPs to several diff Internal webservers and IPs in
the DMZ

Webservers are serving up pages with the correct external IPs
"LAN" and "External" can see websites OK.

BUT....WebServer1 cannot see its own pages or WebServer2's pages when using
the external IPs.
Same behavior with WebServer2.  Internal IPs work correctly.

TraceRT on the external IPs from the webservers, stop cold at the firewall
machine.

I don't see any indication the firewall is blocking, assume it's a routing or
NAT limitation.

Please....any ideas?




            Internet
            ********
                |
                |
           external IP
                |
          -------------
         |             |
         |             | DMZ (192.168.0.X)
         |    FW-1     |--------------|WEB SERVER 1
         |             |              |WEB SERVER 2
         |             |
          -------------
                |
                |
             *******
            Office LAN
         DMZ (192.168.1.x)



Thank You,
Jeff Metcalfe
[email protected]



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
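
Whether the firewall is actually sending redirects can be confirmed from a packet capture taken on one of the web servers. The following decoder for ICMP redirect messages (type 5) is an added example, not part of the original thread; every address in it is constructed, with 203.0.113.10 standing in for the external NAT address, which the thread does not give.

```python
import struct
from socket import inet_aton, inet_ntoa

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_redirect(packet: bytes):
    """Decode an IPv4 packet; return redirect details, or None if it is not a valid ICMP redirect."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1:              # IP protocol 1 = ICMP
        return None
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total_len]
    # 8-byte ICMP header plus at least the 20-byte header of the original datagram
    if len(icmp) < 28 or icmp[0] != 5 or inet_checksum(icmp) != 0:
        return None
    inner = icmp[8:]                            # header of the packet that triggered the redirect
    return {
        "sent_by": inet_ntoa(packet[12:16]),    # who issued the redirect
        "sent_to": inet_ntoa(packet[16:20]),    # host being told to change its route
        "code": icmp[1],                        # 0/1 = network/host, 2/3 = with TOS
        "use_gateway": inet_ntoa(icmp[4:8]),    # next hop the sender recommends
        "for_destination": inet_ntoa(inner[16:20]),
    }

def build_sample() -> bytes:
    """Constructed packet: firewall 192.168.0.1 tells web server 192.168.0.10
    to reach 203.0.113.10 (placeholder external address) via 192.168.0.11."""
    inner = struct.pack("!BBHHHBBH", 0x45, 0, 28, 1, 0, 64, 6, 0)
    inner += inet_aton("192.168.0.10") + inet_aton("203.0.113.10")
    inner += struct.pack("!HHI", 40000, 80, 0)  # first 8 bytes of the TCP header
    body = inet_aton("192.168.0.11") + inner
    icmp = struct.pack("!BBH", 5, 1, inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)) + body
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(icmp), 2, 0, 255, 1, 0)
    return outer + inet_aton("192.168.0.1") + inet_aton("192.168.0.10") + icmp

if __name__ == "__main__":
    print(parse_icmp_redirect(build_sample()))
```

Feed it the IP-layer bytes of packets captured on the web server's interface; a result whose `sent_by` is the firewall's DMZ address and whose `for_destination` is one of the external addresses matches the behaviour described in the reply.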


   All contents © 2004 Network Presence, LLC. All rights reserved.