Re: [FW-1] Incorrect NAT translation
Rory Stewart wrote:
>
> Has anyone heard of a problem with NAT translation resolving the http address as the internal ip address rather than the external ip address?
>
> We are setting up an http accelerator behind our Nokia 440 firewall where the box must be "seen" from the outside.
> I have configured address translation manually from the internal to external and back.

WHY "internal to external"? This could confuse the firewall, it's not necessary.
From outside to inside is fine.

> Created both internal and external ip's as workstations. (Tried putting external ip into NAT tab of internal but made no difference).
> Entered "any external any accept" and "internal any any accept" on the security policy tab.

Fix it: "any external http accept" (sure), "internal any any drop long" (strong guess).

> Finally, went on to voyager and created static route to internal ip address range and put a proxy arp of the external ip address on the
> external firewall interface ( where they are both in the same ip range ).
> We know our accelerator sees our pings but does not reply. We have our laptop gui in front of the firewall and behind our ext router, and
> from there we can enter our accelerator happily using internal ip address but not external.

HOW?

internet(ip) ---(ip)ext-router(ip) --- (ips)firewall(ips) --- (ip)accelerator
                                    |
                                laptop(ip)

Just give more details, network + ip addresses + nat rules + routes.
Sounds like a routing problem.