RE: [FW1] static NAT the external fw-1 address?
Just use a different IP than your external interface on the firewall and save yourself the trouble.

George

-----Original Message-----
From: Patrick Lotti [mailto:[email protected]]
Sent: Thursday, August 02, 2001 3:08 AM
To: [email protected]
Subject: [FW1] static NAT the external fw-1 address?

Hi,

I'd like to have a web-server in my dmz answering requests to the external ip address of the firewall, port 80. While I succeeded with other external ip addresses using proxy.arp, it just fails when I try to configure it for the external ip address.

Actually, it allowed ping to do the following tests: ping [external-fw-1-ip] didn't get a response. The log viewer showed the NATed packet, and also the NATed answer that was blocked due to "rule 0 local interface is spoofing". Guess, there is no anti-spoofing configured! It all works well when using another ip with local.arp, request and reply get NATed.

If you try to use http you would get a "RST" reply in the first case, and in the latter case it will work. But you can't see the replies in the fw-1 log.

I tried to increase the default metric for the default routing on win2k, but that doesn't help either. I assume that Win2k routes the packet to 127.0.0.1. Do I need to remove that routing entry... "route delete" doesn't do it! (I have a route from the external interface to my dmz, for sure!)

Does anyone have such a configuration working [Solaris/Linux/Win-dos]?

Best Regards,
Patrick Lotti

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================