|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] does checkpoint actually do a NAT (fwd)
Me neither. But that's because I use automatic NAT. Only manual NAT need the extras. Cheers, Anders :) -----Original Message----- From: António Cardoso [mailto:[email protected]] Sent: 15. oktober 2001 11:09 To: [email protected] Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd) I never needed to put the arp entry only the ip route and it works ... António Cardoso -----Original Message----- From: Frank Breedijk [ mailto:[email protected] <mailto:[email protected]> ] Sent: Monday, October 15, 2001 8:48 AM To: [email protected] Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd) Jay, > I have a basic query on Firewall NAT.When I configure my > checkpoint firewall to do static NAT I have to configure the > firewall to accept packets in a arp proxying mode.And I am > asked to put a route to the particular public IP saying that > to go to the particuar NATed public IP go to the private IP > in the LAN. The thing to remember here is the order in which checkpoint handles NAT and routing. Routing is handled *before* NAT. THat is why you have to add the ARP and static route entries. The packet is picked up by FW-1 because of the arp entry and it is then routed to the correct interface/gateway. When the packet leaves the firewall, the header is modified to do the actual NAt. Regards, Frank =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
