[FW1] (Still having) NAT Problem
Hi everybody and thanx for all your answers....

I've checked my FW1 rules & Address Translations and...you got me! Something was messed up.
Anyway..... I forgot to say that I obviously did the ARPing (arp -s EXT_IP MAC_ADDR pub) and I added the route (route add EXT_IP INT_IP 1), but still it isn't working. I've got an error on FW1 logs regarding rule0 (?).
I'm pretty out of any ideas...

Thanx again for help and interest

Lorenzo

----- Original Message -----
From: "Chris Arnold" <[email protected]>
To: "'Brockhoven, Werner '" <[email protected]>; "''Satana' '" <[email protected]>; <[email protected]>
Sent: Thursday, September 27, 2001 5:19 PM
Subject: RE: [FW1] NAT Problem

>
> I would stay away from automatic NAT rules personally. Do it manually as
> there used to be issues with automatic NAT rules and manually gives you a
> finer level of control as well.
>
> Chris
>
> -----Original Message-----
> From: Brockhoven, Werner
> To: 'Satana'; [email protected]
> Sent: 9/26/01 2:13 AM
> Subject: RE: [FW1] NAT Problem
>
> Hello Lorenzo,
>
> So you are trying to configure static destination nat.
>
> It may be easier to let FW-1 configure the nat rule by configuring the
> NAT tab in the workstation object which represents the internal machine.
> Because you are using static destination nat you'll have to configure a
> route on the firewall for the external ip address and have it point to
> the internal ip address of the www server. In your firewall object
> you'll have to configure antispoofing on the internal interface and add
> the external ip address of the www server. Finally you'll want to
> publish the external ip address on your gateway via arp so the external
> router knows where to send the packets.
>
> Regards,
>
> Werner
>
>
>
> -----Original Message-----
> From: Satana [mailto:[email protected]]
> Sent: Tuesday, September 25, 2001 10:51 AM
> To: [email protected]
> Subject: [FW1] NAT Problem
>
>
> Hi everybody
> I've got this problem: I have to publish over www an internal machine
> (which obviously has an internal IP address) and I have to make FW1 nat
> its ip to the external ip address (that is already routed on the right
> router & CDN).
> I've made a rule within the "Address Translation" which says as original
> packet :
> SOURCE : Internal IP
> DESTINATION : Any
> SERVICE : Any
> as translated packet:
> SOURCE : External IP
> DESTINATION : Original
> Service : Original
> And it's obviously installed on FW1 cluster.
> There's also a rule in security policy:
> SOURCE : Any
> DESTINATION : External IP
> SERVICE : http
> ACTION : Accept
> What I have to do now? To me it seems all fine, but it doesn't work.
> Where I'm doing it wrong?
> Thanks in advance
>
> Lorenzo
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================