Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] [FW1] (Still having) NAT Problem

To: [email protected]
Subject: Re: [FW-1] [FW1] (Still having) NAT Problem
From: Satana <[email protected]>
Date: Mon, 8 Oct 2001 18:18:54 +0200
Comments: To: Michael Knost <[email protected]>, [email protected]
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Version FW 4.1 running on Solaris 7

Lorenzo


----- Original Message -----
From: "Michael Knost" <[email protected]>
To: "Satana" <[email protected]>;
<[email protected]>
Sent: Friday, October 05, 2001 4:18 PM
Subject: RE: [FW1] (Still having) NAT Problem


> What version of FW are you using?  What OS are you running it on.  There
> is a bug with Static NAT running NG on Win2K.
>
>
> -----Original Message-----
> From: Satana
> Sent: Wed 10/3/2001 12:08 PM
> To: Chris Arnold; 'Brockhoven, Werner ';
> [email protected]
> Cc:
> Subject: [FW1] (Still having) NAT Problem
>
>
>
>
> Hi everybody and thanx for all your answers....
> I've checked my FW1 rules & Address Translations and...you got
> me! something
> was messed up.
> Anyway..... I forgot to say that I obviously did the ARPing (arp
> -s EXT_IP
> MAC_ADDR pub) and I added the route (route add EXT_IP INT_IP 1),
> but still
> it isn't working. I've got an error on FW1 logs regarding rule0
> (?). I'm
> pretty out of any ideas...
> Thanx again for help and interest
>
> Lorenzo
>
>
>
>
> ----- Original Message -----
> From: "Chris Arnold" <[email protected]>
> To: "'Brockhoven, Werner '" <[email protected]>;
> "''Satana' '"
> <[email protected]>;
> <[email protected]>
> Sent: Thursday, September 27, 2001 5:19 PM
> Subject: RE: [FW1] NAT Problem
>
>
> >
> > I would stay away from automatic NAT rules personally.  Do it
> manually as
> > there used to be issues with automatic NAT rules and manually
> gives you a
> > finer level of control as well.
> >
> > Chris
> >
> > -----Original Message-----
> > From: Brockhoven, Werner
> > To: 'Satana'; [email protected]
> > Sent: 9/26/01 2:13 AM
> > Subject: RE: [FW1] NAT Problem
> >
> > Hello Lorenzo,
> >
> > So you are trying to configure static destination nat.
> >
> > It may be easier to let FW-1 configure the nat rule by
> configuring the
> > NAT tab in the workstation object which represents the
> internal machine.
> > Because you are using static destination nat you'll have to
> configure a
> > route on the firewall for the external ip adress and have it
> point to
> > the internal ip adress of the www server.  In your firewall
> object
> > you'll have to configure antispoofing on the internal
> interface and add
> > the external ip adress of the www server.  Finally you'll want
> to
> > publish the external ip adress on your gateway via arp so the
> external
> > router knows where to send the packets.
> >
> > Regards,
> >
> > Werner
> >
> >
> >
> > -----Original Message-----
> > From: Satana [ mailto:[email protected]]
> > Sent: Tuesday, September 25, 2001 10:51 AM
> > To: [email protected]
> > Subject: [FW1] NAT Problem
> >
> >
> > Hi everybody
> > I've got tihs problem: I have to publish over www an internal
> machine
> > (which obviously has an internal IP adress) and I have to make
> FW1 nat
> > its ip to the external ip adress (that is already routed on
> the right
> > router & CDN).
> > I've made a rule within the "Adress Translation" which says as
> original
> > packet :
> > SOURCE : Internal IP
> > DESTINATION : Any
> > SERVICE : Any
> > as translated packet:
> > SOURCE : External IP
> > DESTINATION : Original
> > Service : Original
> > And it's obviously installed on FW1 cluster.
> > There's also a rule in security policy:
> > SOURCE : Any
> > DESTINATION : External IP
> > SERVICE : http
> > ACTION : Accept
> > What I have to do now ? To me it seems all fine, but it
> doesn't work.
> > Where I'm doing it wrong ?
> > Thanks in advance
> >
> > Lorenzo
> >
> >
> >
> >
>
> ========================================================================
> ====
> ====
> >      To unsubscribe from this mailing list, please see the
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >
>
> ========================================================================
> ====
> ====
> >
>
>
>
>
> ========================================================================
> ========
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
>
> ========================================================================
> ========
>
>
>
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW-1] [FW1] (Still having) NAT Problem
  - From: Pete Papadopoulos <[email protected]>

References:
- RE: [FW1] (Still having) NAT Problem
  - From: "Michael Knost" <[email protected]>

Prev by Date: [FW-1] ufsdump
Next by Date: Re: [FW-1] newbie question
Previous by thread: RE: [FW1] (Still having) NAT Problem
Next by thread: Re: [FW-1] [FW1] (Still having) NAT Problem
Index(es):
- Date
- Thread