Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] does checkpoint actually do a NAT (fwd)

To: [email protected]
Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd)
From: Frank Breedijk <[email protected]>
Date: Mon, 15 Oct 2001 09:48:13 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Thread-index: AcFTHTRvqgT6Mfw9RIa6h5hj9+5S5gCMBtDQ
Thread-topic: [FW-1] does checkpoint actually do a NAT (fwd)

Title: RE: [FW-1] does checkpoint actually do a NAT (fwd)

Jay,

> I have a basic query on Firewall NAT.When I configure my
> checkpoint firewall to do static NAT I have to configure the
> firewall to accept packets in a arp proxying mode.And I am
> asked to put a route to the particular public IP saying that
> to go to the particuar NATed public IP go to the private IP
> in the LAN.

The thing to remember here is the order in which checkpoint handles NAT and routing. Routing is handled *before* NAT. THat is why you have to add the ARP and static route entries.

The packet is picked up by FW-1 because of the arp entry and it is then routed to the correct interface/gateway. When the packet leaves the firewall, the header is modified to do the actual NAt.

Regards,
Frank

Prev by Date: [FW-1] Testing
Next by Date: Re: [FW-1] Managing a 4.0 fwd module with a 4.1 fwm management
Previous by thread: [FW-1] does checkpoint actually do a NAT (fwd)
Next by thread: Re: [FW-1] does checkpoint actually do a NAT (fwd)
Index(es):
- Date
- Thread