
Re: [FW-1] FW1 v4.1 on NT 4, Single external IP



Can you explain please how "address translation" can help? The normal
solution already uses "address translation" via NAT.

In my solution I NAT the external address to two internal addresses based
on service (21/FTP and 80/HTTP), but how do you set up the necessary
routing in Windows NT?

If you have a working solution not involving a router between the FW-1
and the internal servers it would be great, because I want to implement it,
like , and I can't.

P.S. Seems that FW-1 2000 (4.1 SP1+) should be not existent in NG because
     I read the NAT is done at the input interface, not the server side
     interface, so all the rules are built around the internal address,
     I suppose, so if I change ISP and external IP address I don't need
     to change all the rules and I don't need to add a route in NT because
     when the routing is done, the address will have already been
     translated to the internal address...


At 15:46 2001-11-02 -0500, Juan Concepcion wrote:
>You could also use address translation to get this accomplished.
>
>Yves Belle-Isle wrote:
>
>> Yes in the following configuration:
>>
>>             Internet 129.1.1.1
>>                |
>>                .
>>               / \
>>              /   \
>>             /     \
>>            / FW-1  \
>>           /         \
>>          +-----------+
>>                | 192.168.1.1
>>                | 192.168.1.2
>>          +-----------+
>>          |   Router  |
>>          +-----------+
>>                | 10.1.1.1
>>               / \
>>              /   \
>>           FTP    HTTP servers
>>      10.1.1.2    10.1.1.3
>>
>> You do a route add -p 129.1.1.1 mask 255.255.255.255 192.168.1.2
>> and the router will dispatch it to 10.1.1.2 or 10.1.1.3 because the
>> FW-1 sends the packet to 10.1.1.2 or 10.1.1.3 depending on port (21 or 80)
>>
>> NO in the following configuration:
>>
>>             Internet 129.1.1.1
>>                |
>>                .
>>               / \
>>              /   \
>>             /     \
>>            / FW-1  \
>>           /         \
>>          +-----------+
>>                | 10.1.1.1
>>               / \
>>              /   \
>>           FTP    HTTP servers
>>      10.1.1.2    10.1.1.3
>>
>> It's because you need to use the Windows NT routing and you can't use the
>> following syntax:
>>
>> route add -p 129.1.1.1:21 mask 255.255.255.255 10.1.1.2
>> route add -p 129.1.1.1:80 mask 255.255.255.255 10.1.1.3
>>
>> You can route on a port basis, just IP address basis...
>>
>> At 12:43 2001-11-02 -0500, Tom Sevy wrote:
>> >Is there a way in this scenario to route inwards by port/service?
>> >
>> >Single External IP address on the FW, multiple internal IP addresses.
>> >Map/route inbound FTP to one server, inbound HTTP to another?


------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Systems Manager                         Tel:
Sogi Informatique Ltee.                 Fax:
------------------------------------------------------------

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
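
The routing point made in this thread, as an added Python sketch that is not part of the original e-mails and is not FW-1 or Windows NT code: a route lookup keyed only on destination IP yields one next hop for 129.1.1.1, so per-port delivery depends on whether translation happens before or after that lookup. The table layout, the `next_hop` and `forward` names and the two orderings are simplifying assumptions based on the posters' descriptions.

```python
import ipaddress

# Constructed NAT rules using the thread's addresses:
# (destination IP, destination port) -> internal server.
NAT = {("129.1.1.1", 21): "10.1.1.2",
       ("129.1.1.1", 80): "10.1.1.3"}

# Route tables as (prefix, gateway); gateway None means the prefix is on-link.
# "Yes" layout: one host route towards the router at 192.168.1.2.
WITH_ROUTER = [("192.168.1.0/24", None), ("129.1.1.1/32", "192.168.1.2")]
# "No" layout: a host route has a single gateway, here the FTP server.
NO_ROUTER = [("10.1.1.0/24", None), ("129.1.1.1/32", "10.1.1.2")]
# Translation before routing: only the connected network is needed.
ON_LINK_ONLY = [("10.1.1.0/24", None)]

def next_hop(dst_ip, routes):
    """Longest-prefix match on destination IP only, as `route add` works.
    Returns the host that receives the frame; the port is never consulted."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw is not None else dst_ip

def forward(dst_ip, dst_port, routes, nat_first):
    """Return (host receiving the frame, destination IP inside the packet)."""
    translated = NAT.get((dst_ip, dst_port), dst_ip)
    # nat_first=False: route on the original address, then translate.
    # nat_first=True: translate, then route on the internal address.
    hop = next_hop(translated if nat_first else dst_ip, routes)
    return hop, translated

if __name__ == "__main__":
    cases = [("router, route then NAT", WITH_ROUTER, False),
             ("no router, route then NAT", NO_ROUTER, False),
             ("no router, NAT then route", ON_LINK_ONLY, True)]
    for name, routes, nat_first in cases:
        for port in (21, 80):
            hop, dst = forward("129.1.1.1", port, routes, nat_first)
            print(f"{name:26} port {port:2}: frame to {hop}, packet dst {dst}")
```

In the second case the port 80 packet carries destination 10.1.1.3 but is handed to 10.1.1.2, which is the mismatch the "NO" configuration runs into.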



 