[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] [FW1] (Still having) NAT Problem
Version FW 4.1 running on Solaris 7 Lorenzo ----- Original Message ----- From: "Michael Knost" <[email protected]> To: "Satana" <[email protected]>; <[email protected]> Sent: Friday, October 05, 2001 4:18 PM Subject: RE: [FW1] (Still having) NAT Problem > What version of FW are you using? What OS are you running it on. There > is a bug with Static NAT running NG on Win2K. > > > -----Original Message----- > From: Satana > Sent: Wed 10/3/2001 12:08 PM > To: Chris Arnold; 'Brockhoven, Werner '; > [email protected] > Cc: > Subject: [FW1] (Still having) NAT Problem > > > > > Hi everybody and thanx for all your answers.... > I've checked my FW1 rules & Address Translations and...you got > me! something > was messed up. > Anyway..... I forgot to say that I obviously did the ARPing (arp > -s EXT_IP > MAC_ADDR pub) and I added the route (route add EXT_IP INT_IP 1), > but still > it isn't working. I've got an error on FW1 logs regarding rule0 > (?). I'm > pretty out of any ideas... > Thanx again for help and interest > > Lorenzo > > > > > ----- Original Message ----- > From: "Chris Arnold" <[email protected]> > To: "'Brockhoven, Werner '" <[email protected]>; > "''Satana' '" > <[email protected]>; > <[email protected]> > Sent: Thursday, September 27, 2001 5:19 PM > Subject: RE: [FW1] NAT Problem > > > > > > I would stay away from automatic NAT rules personally. Do it > manually as > > there used to be issues with automatic NAT rules and manually > gives you a > > finer level of control as well. > > > > Chris > > > > -----Original Message----- > > From: Brockhoven, Werner > > To: 'Satana'; [email protected] > > Sent: 9/26/01 2:13 AM > > Subject: RE: [FW1] NAT Problem > > > > Hello Lorenzo, > > > > So you are trying to configure static destination nat. > > > > It may be easier to let FW-1 configure the nat rule by > configuring the > > NAT tab in the workstation object which represents the > internal machine. > > Because you are using static destination nat you'll have to > configure a > > route on the firewall for the external ip adress and have it > point to > > the internal ip adress of the www server. In your firewall > object > > you'll have to configure antispoofing on the internal > interface and add > > the external ip adress of the www server. Finally you'll want > to > > publish the external ip adress on your gateway via arp so the > external > > router knows where to send the packets. > > > > Regards, > > > > Werner > > > > > > > > -----Original Message----- > > From: Satana [ mailto:[email protected]] > > Sent: Tuesday, September 25, 2001 10:51 AM > > To: [email protected] > > Subject: [FW1] NAT Problem > > > > > > Hi everybody > > I've got tihs problem: I have to publish over www an internal > machine > > (which obviously has an internal IP adress) and I have to make > FW1 nat > > its ip to the external ip adress (that is already routed on > the right > > router & CDN). > > I've made a rule within the "Adress Translation" which says as > original > > packet : > > SOURCE : Internal IP > > DESTINATION : Any > > SERVICE : Any > > as translated packet: > > SOURCE : External IP > > DESTINATION : Original > > Service : Original > > And it's obviously installed on FW1 cluster. > > There's also a rule in security policy: > > SOURCE : Any > > DESTINATION : External IP > > SERVICE : http > > ACTION : Accept > > What I have to do now ? To me it seems all fine, but it > doesn't work. > > Where I'm doing it wrong ? > > Thanks in advance > > > > Lorenzo > > > > > > > > > > ======================================================================== > ==== > ==== > > To unsubscribe from this mailing list, please see the > instructions at > > http://www.checkpoint.com/services/mailing.html > > > > ======================================================================== > ==== > ==== > > > > > > > ======================================================================== > ======== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > > ======================================================================== > ======== > > > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|