Re: [FW1] How to NAT (both ports and addresses...?)
> To: "METE EMINAGAOGLU (IT)" <[email protected]>
>
> You would set up NAT rules exactly as you would expect
> them to look. In the Address Translation section of
> your FW1 Security Policy program, set up a NAT rule
> like this:
>
> Original Packet:
> Source: 60.x.x.x
> Destin: 192.168.x.x
> Service: TCP_port_1900
>
> Translated Packet:
> Source: 60.x.x.x
> Destin: Fake_NAT_Address [You'd have to set this up
> first under Manage, Network Objects]
> Service: Original
>
> NAT is pretty flexible. Note that you can only add
> one object under Services, so if you want to NAT
> multiple services with one rule, you can set up a
> Group of Services [e.g. create a group that includes
> TCP 1900 and TCP 1901].
>
> NAT rules, like other rules, are processed top to
> bottom, so if you have any other NAT rules that would
> apply to this computer, you'd want to add this new
> rule before that rule, maybe at the top of the list of
> NAT rules.
>
> Naturally, you have to write your own NAT rules to do
> this. It won't work if you use the NAT checkbox in
> the NAT section of the computer or network object to
> allow FW-1 to write automatic NAT rules for you.
>
> Hope this helps.
>
> --- "METE EMINAGAOGLU (IT)" <[email protected]> wrote:
> > Hi to all...
> >
> > I have a bit of a complex and perhaps weird problem,
> > hence question. Any help, comment, suggestion is
> > welcome. Thanks.
> >
> > Problem:
> >
> > A Server in my DMZ. Let's say 60.x.x.x
> > Another Server in my LAN. Let's say 192.168.x.x
> > A specific service on Real Port k. Let's say TCP_1900
> >
> > The original rule setting:
> >
> > Source: 60.x.x.x
> > Destin: 192.168.x.x
> > Service: TCP_port_1900.
> >
> > Everything works fine.
> >
> > However, I want a new arrangement so that TCP_1900
> > packets do not directly go from 60.x.x.x to
> > 192.168.x.x. They are to be routed to any non-existent
> > fake X-Server via a different NAT'ed fake port, say
> > TCP_fake. Then, from X-Server to the target destin.
> > 192.168.x.x in LAN, while also fake-port NAT'ed to
> > the real TCP_1900.
> >
> > Using only a single FW, how could this be achieved?
> > (What are the necessary rules and IP+service NATs?)
> >
> > If not possible by a single FW, then what is
> > additionally required within the FW so as to
> > establish the necessary solution?
> >
> > Mete EMINAGAOGLU
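
The reply's points about manual rules, service groups and top-to-bottom processing can be checked with a small first-match model. This is an added example, not part of the thread and not FW-1's own code; the concrete addresses, the rule names and the broad "existing-dmz" rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "Any"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int  # TCP destination port

@dataclass(frozen=True)
class NatRule:
    name: str
    src: str                        # Original Packet: Source
    dst: str                        # Original Packet: Destin
    services: frozenset             # Original Packet: Service (a group); empty = Any
    new_dst: Optional[str] = None   # Translated Packet: Destin; None = Original

    def matches(self, p: Packet) -> bool:
        return (self.src in (ANY, p.src) and self.dst in (ANY, p.dst)
                and (not self.services or p.port in self.services))

def translate(rules, p):
    """First matching rule wins, scanning top to bottom; no match = untranslated."""
    for rule in rules:
        if rule.matches(p):
            return rule.name, Packet(p.src, rule.new_dst or p.dst, p.port)
    return None, p

# Constructed sample values standing in for 60.x.x.x, 192.168.x.x, Fake_NAT_Address.
DMZ, LAN, FAKE = "60.0.0.10", "192.168.1.20", "192.168.1.99"

# The manual rule from the reply, using a service group of TCP 1900 and 1901.
SPECIFIC = NatRule("manual-1900", DMZ, LAN, frozenset({1900, 1901}), new_dst=FAKE)
# Hypothetical older rule that also applies to this computer and translates nothing.
BROAD = NatRule("existing-dmz", DMZ, ANY, frozenset())

def compare_orderings(packet):
    """Return (rule name, translated dst) for each ordering of the two rules."""
    good = translate([SPECIFIC, BROAD], packet)   # new rule placed first
    bad = translate([BROAD, SPECIFIC], packet)    # new rule shadowed by older rule
    return (good[0], good[1].dst), (bad[0], bad[1].dst)

if __name__ == "__main__":
    for port in (1900, 1901, 22):
        print(port, compare_orderings(Packet(DMZ, LAN, port)))
```

With the broad rule listed first, the TCP 1900 packet never reaches the manual rule and leaves with its original destination, which is why the reply suggests placing the new rule near the top.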