|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] antispoofing on 3 legs firewall. (NAT) Need help badly please.
Hi everyone,
I have been troubleshooting this problem for week and could not find the problem. Here is the scenario. I have two side inside (let's call it: side a and side b). My objective is I'm trying to do NATting (hide) using the external interface firewall x.x.x.2. My dmz is a real public ip address.
e0: x.x.x.2 (external interface)
e1:x.x.x.17 (dmz)
e3:x.x.x.5 (inside interface)
If I'm not do anti spoofing, everything ok. As soon as I have anti spoof activated, it does not work at all. Under external interface: (others) Under e1 (I create a network object called dmz), and e3 I have a group contain side a + b.
I look at phoneboy, my configuration is fine I think.
I'm not doing static nat to my dmz zones. I have real public ip address on dmz. I just like to hide all ip address behind me to use the external interface of firewall.
the message I got:
17:13:45 accept kyle >le0 proto tcp src jungleman dst kyle service telnet s_port 2390 len 48 rule4
17:13:45 reject kyle <qe0 proto tcp src jungleman dst kyle service telnet s_port 2390 len 48 rule 0
under nat configuration rule I have added:
dmz - internal network - original original
internal network - dmz - original original
Thanks in advance.
zinc
Get your FREE download of MSN Explorer at http://explorer.msn.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
