
RE: [FW1] static NAT the external fw-1 address?



Just use a different IP than your external interface on the firewall and
save yourself the trouble.

George

 -----Original Message-----
From: 	Patrick Lotti [mailto:[email protected]] 
Sent:	Thursday, August 02, 2001 3:08 AM
To:	[email protected]
Subject:	[FW1] static NAT the external fw-1 address?


Hi,

I'd like to have a web-server in my dmz answering requests to the
external ip address of the firewall, port 80.

While I succeeded with other external ip addresses using proxy.arp,
it just fails when I try to configure it for the external ip address.

Actually, it allowed ping to do the following tests:
ping [external-fw-1-ip]
didn't get a response. The log viewer showed the NATed packet, and also
NATed answer that was blocked due to "rule 0 local interface is spoofing".
Guess, there is no anti-spoofing configured!

It all works well when using another ip with local.arp, request and reply
get NATed.


If you try to use http you would get a "RST" reply in the first case, and in
the latter case it will work. But you can't see the replies in the fw-1 log.

I tried to increase the default metric for the default routing on win2k, but
that doesn't help either. I assume that Win2k routes the packet to 127.0.0.1.
Do I need to remove that routing entry..."route delete" doesn't do it!
(I have a route from the external interface to my dmz, for sure!)



Does anyone have such a configuration working [Solaris/Linux/Win-dos]?



Best Regards,
Patrick Lotti


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

