
RE: [FW1] NAT Problem



I would stay away from automatic NAT rules personally.  Do it manually as
there used to be issues with automatic NAT rules and manually gives you a
finer level of control as well.

Chris

-----Original Message-----
From: Brockhoven, Werner
To: 'Satana'; [email protected]
Sent: 9/26/01 2:13 AM
Subject: RE: [FW1] NAT Problem

Hello Lorenzo,
 
So you are trying to configure static destination NAT.
 
It may be easier to let FW-1 configure the NAT rule by configuring the
NAT tab in the workstation object which represents the internal machine.
Because you are using static destination NAT you'll have to configure a
route on the firewall for the external IP address and have it point to
the internal IP address of the www server.  In your firewall object
you'll have to configure antispoofing on the internal interface and add
the external IP address of the www server.  Finally you'll want to
publish the external IP address on your gateway via ARP so the external
router knows where to send the packets.
 
Regards,
 
Werner
 
 

-----Original Message-----
From: Satana [mailto:[email protected]]
Sent: Tuesday, September 25, 2001 10:51 AM
To: [email protected]
Subject: [FW1] NAT Problem


Hi everybody
I've got this problem: I have to publish over www an internal machine
(which obviously has an internal IP address) and I have to make FW1 NAT
its IP to the external IP address (that is already routed on the right
router & CDN).
I've made a rule within the "Address Translation" which says as original
packet:
SOURCE : Internal IP
DESTINATION : Any
SERVICE : Any
as translated packet:
SOURCE : External IP
DESTINATION : Original
Service : Original
And it's obviously installed on FW1 cluster.
There's also a rule in security policy:
SOURCE : Any
DESTINATION : External IP
SERVICE : http
ACTION : Accept
What do I have to do now? To me it seems all fine, but it doesn't work.
Where am I doing it wrong?
Thanks in advance
 
Lorenzo



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
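
A simplified first-match model of the address-translation table discussed in this thread, added here as an illustration; it is not code from the posters or from Check Point. It shows that the posted rule only rewrites the source of packets leaving the web server, so an inbound request to the external address is left untranslated until a static destination rule is present. The addresses are constructed placeholders, and the matching logic and the form of the destination rule are assumptions, not FW-1's actual engine.

```python
from dataclasses import dataclass, replace

# Constructed placeholder addresses (documentation ranges), not from the thread.
INTERNAL_IP, EXTERNAL_IP, CLIENT_IP = "10.0.0.10", "192.0.2.10", "198.51.100.7"
ANY, ORIGINAL = "Any", "Original"  # wildcard match / leave field unchanged

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: str

@dataclass(frozen=True)
class NatRule:
    orig_src: str       # "original packet" columns
    orig_dst: str
    orig_service: str
    xlate_src: str      # "translated packet" columns
    xlate_dst: str

    def matches(self, p):
        pairs = ((self.orig_src, p.src), (self.orig_dst, p.dst),
                 (self.orig_service, p.service))
        return all(want in (ANY, have) for want, have in pairs)

    def apply(self, p):
        return replace(
            p,
            src=p.src if self.xlate_src == ORIGINAL else self.xlate_src,
            dst=p.dst if self.xlate_dst == ORIGINAL else self.xlate_dst)

def translate(rules, p):
    """First matching rule wins; an unmatched packet passes through untranslated."""
    for rule in rules:
        if rule.matches(p):
            return rule.apply(p)
    return p

# The rule as posted: rewrites the source of traffic coming from the web server.
SOURCE_RULE = NatRule(INTERNAL_IP, ANY, ANY, EXTERNAL_IP, ORIGINAL)
# A static destination rule of the kind the reply refers to (form assumed here).
DEST_RULE = NatRule(ANY, EXTERNAL_IP, ANY, ORIGINAL, INTERNAL_IP)

if __name__ == "__main__":
    inbound = Packet(CLIENT_IP, EXTERNAL_IP, "http")
    print(translate([SOURCE_RULE], inbound))             # destination unchanged
    print(translate([SOURCE_RULE, DEST_RULE], inbound))  # destination rewritten
```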



 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.