Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] FW1 v4.1 on NT 4, Single external IP

To: [email protected]
Subject: Re: [FW-1] FW1 v4.1 on NT 4, Single external IP
From: Juan Concepcion <[email protected]>
Date: Fri, 2 Nov 2001 15:46:54 -0500
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

You could also use address translation to get this accomplished.

Yves Belle-Isle wrote:

> Yes in the followin configuration:
>
>             Internet 129.1.1.1
>                |
>                .
>               / \
>              /   \
>             /     \
>            / FW-1  \
>           /         \
>          +-----------+
>                | 192.168.1.1
>                | 192.168.1.2
>          +-----------+
>          |   Router  |
>          +-----------+
>                | 10.1.1.1
>               / \
>              /   \
>           FTP    HTTP servers
>      10.1.1.2    10.1.1.3
>
> You do a route add -p 129.1.1.1 mask 255.255.255.255 192.168.1.2
> and the router will dispatch it to 10.1.1.2 or 10.1.1.3 because the
> FW-1 send the packet to 10.1.1.2 or 10.1.3 depending on port (21 or 80)
>
> NO in the followin configuration:
>
>             Internet 129.1.1.1
>                |
>                .
>               / \
>              /   \
>             /     \
>            / FW-1  \
>           /         \
>          +-----------+
>                | 10.1.1.1
>               / \
>              /   \
>           FTP    HTTP servers
>      10.1.1.2    10.1.1.3
>
> It's because you need to use the Windows NT routing and you can't use the
> following syntax:
>
> route add -p 129.1.1.1:21 mask 255.255.255.255 10.1.1.2
> route add -p 129.1.1.1:80 mask 255.255.255.255 10.1.1.3
>
> You can route on a port basic, just IP address basic...
>
> At 12:43 2001-11-02 -0500, Tom Sevy wrote:
> >Is there a way in this scenario to route inwards by port/service?
> >
> >Singled External IP address on the FW, multiple internal IP addresses.
> >Map/route inbound FTP to one server, inbound HTTP to another?
> >
> >===============================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >===============================================
> >
> >
>
> ------------------------------------------------------------
> Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
> Responsable des Systemes                Tel:> Sogi Informatique Ltee.                 Fax:> ------------------------------------------------------------
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1] FW1 v4.1 on NT 4, Single external IP
  - From: Yves Belle-Isle <[email protected]>

References:
- Re: [FW-1] FW1 v4.1 on NT 4, Single external IP
  - From: Yves Belle-Isle <[email protected]>

Prev by Date: Re: [FW-1] Simple SMTP Secure Server question
Next by Date: Re: [FW-1] Checkpoint NG SVN Foundation
Previous by thread: Re: [FW-1] FW1 v4.1 on NT 4, Single external IP
Next by thread: Re: [FW-1] FW1 v4.1 on NT 4, Single external IP
Index(es):
- Date
- Thread