|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Accessing Servers via Public IPs from Private Network
Another way is to setup a "private" dns that your users on the inside use, and set it up to forward all external requests to a "public" dns server. If you go this route, just make sure that you setup a private entry on the private dns for every public entry that exists. Chris -----Original Message----- From: Rameen Tabatabaian [mailto:[email protected]] Sent: Wednesday, October 17, 2001 6:52 PM To: [email protected] Subject: Re: [FW-1] Accessing Servers via Public IPs from Private Network you can do it. you need to do the "dual nat trick". refer to http://www.phoneboy.com/faq/0179.html Title: Can't Talk to Translated IP from Internal Net rameen -----Original Message----- From: Arthur de Vera [mailto:[email protected]] Sent: Wednesday, October 17, 2001 2:03 PM To: [email protected] Subject: Re: [FW-1] Accessing Servers via Public IPs from Private Network X, I believe that you are running into the issue that Check Point refers to as "double NAT-ing", which FW-1 does not/can not support. Say a workstation, 192.168.1.5, goes out your FW to request a page from www.test.com, the request itself is NATted by the firewall, that's NAT #1...the request gets to your FW, and www.test.com is static NATted to 192.168.1.11...that's the 2nd instance of NAT, which is referred to as "double NAT" which isn't supported by FW-1. One workaround on your machines on the 192.168.1.0 network, is the use of host files that resolve www.test.com to 192.168.1.11, rather than making a DNS request which resolves to 11.11.11.11. I think that this solution would also apply to your internal network machines. Hope this helps. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of [email protected] Sent: Wednesday, October 17, 2001 10:30 AM To: [email protected] Subject: [FW-1] Accessing Servers via Public IPs from Private Network Can someone tell me if the following is possible with Checkpoint 4.1? I'm setting up a DMZ (ie. a NATted Private network) which will have both servers and workstations, say using the IP network 192.168.1.0/24. Some of the servers that I'm setting up within the private network will be accessible from the Internet via Public IPs. This requires a public DNS server to distribute the public IP. For this example say the public IP of the server is 11.11.11.11 and the private IP of the server is 192.168.1.11. I've got this setup and working. When I access www.test.com (11.11.11.11) I get the server within the private network. My question is, can the workstations within the private network also access the same server via the public IP? I cannot seem to access the server using the public IP from a workstation within the same network. If I use the private IP (192.168.1.11) of the server everything works fine. Is there a way to configure Checkpoint to allow that or am I forced to setup a DNS server within the private network and distribute the private IP when accessing www.test.com? Thanks. X __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
