[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NAT Problem
I would stay away from automatic NAT rules personally. Do it manually as there used to be issues with automatic NAT rules and manually gives you a finer level of control as well. Chris -----Original Message----- From: Brockhoven, Werner To: 'Satana'; [email protected] Sent: 9/26/01 2:13 AM Subject: RE: [FW1] NAT Problem Hello Lorenzo, So you are trying to configure static destination nat. It may be easier to let FW-1 configure the nat rule by configuring the NAT tab in the workstation object which represents the internal machine. Because you are using static destination nat you'll have to configure a route on the firewall for the external ip adress and have it point to the internal ip adress of the www server. In your firewall object you'll have to configure antispoofing on the internal interface and add the external ip adress of the www server. Finally you'll want to publish the external ip adress on your gateway via arp so the external router knows where to send the packets. Regards, Werner -----Original Message----- From: Satana [mailto:[email protected]] Sent: Tuesday, September 25, 2001 10:51 AM To: [email protected] Subject: [FW1] NAT Problem Hi everybody I've got tihs problem: I have to publish over www an internal machine (which obviously has an internal IP adress) and I have to make FW1 nat its ip to the external ip adress (that is already routed on the right router & CDN). I've made a rule within the "Adress Translation" which says as original packet : SOURCE : Internal IP DESTINATION : Any SERVICE : Any as translated packet: SOURCE : External IP DESTINATION : Original Service : Original And it's obviously installed on FW1 cluster. There's also a rule in security policy: SOURCE : Any DESTINATION : External IP SERVICE : http ACTION : Accept What I have to do now ? To me it seems all fine, but it doesn't work. Where I'm doing it wrong ? Thanks in advance Lorenzo ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|