
[FW-1] Static NAT issue



Hello All,

I need a hand with setting up a static NAT on a Redhat 7 machine.
Everything is working perfectly, Redhat 7, CPFW-1 4.1 SP3.  The only thing
not working (well two things actually) is Static NAT.  Here's the
lowdown:

I'm not the foremost authority on Linux, but I know my share.  I've
never really had to put static route entries on a Linux box before, but I
know they needed to be added to a startup script or they are deleted
after a reboot.  I placed my static route entries in the
/etc/sysconfig/static-routes file.  Evidently, this isn't the right
file because my routes didn't take upon a reboot.  That's my first
question, was that the correct file to change or do I need to place them
someplace else?

Second issue, I have one static NAT entry (for my SMTP server).  I added
my static route (let's use the 192.168's as example):

route add -host 192.168..68 gw 10..xxx.9

This took fine.  I added my arp:

arp -s 192.168.xxx.68 XX:XX:XX:XX:XX:XX  (arp -s <External IP of Natted
Machine> <MAC of FW NIC>)

This took fine.  I checked the arp table, that listing showed up.  I
created the local.arp file and placed it in the $FWDIR/state directory.
I created the proper automatic static nat for that object, pushed
policy, and then tried to send email.  I saw the email leaving the
firewall natting correctly with the 68 address, but I never saw traffic
coming back.  Here's the thing, I rebooted the fw (and of course manually
added my routes back in because the static-routes file did not do that
for me) and I checked my arp table, and the arp that I added was no
longer there.  Does Linux lose that arp that I added upon a reboot also?
Does this need to be put in a startup script also?

Anyway, bottom line, I was not getting mail sent out or back in.  I
plugged the old firewall back in place (NT 4.0 CP4.1. sp3) and mail was
immediately sent and received.

Any help would be appreciated. I'm not sure what I'm forgetting.

Thanks,

Aeon

The Dalai Lama says, "Those things which will work out, there is no use
worrying about;
 Those things which won't work out, worrying won't help."
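
The message above describes a host route and a static ARP entry that were both gone after a reboot. As an added example (not part of the original post), this shell check confirms both are present by parsing `route -n` and `arp -an` text; the addresses, MACs, interface names and function names are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Constructed sample output (not from the original post); placeholder values.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.68    10.1.1.9        255.255.255.255 UGH   0      0        0 eth1
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

SAMPLE_ARP='? (192.168.1.1) at 00:00:5E:00:53:01 [ether] on eth0
? (192.168.1.68) at 00:00:5E:00:53:10 [ether] PERM on eth0'

# has_host_route IP GW: reads `route -n` text on stdin, succeeds if a host
# route (mask 255.255.255.255, H flag) to IP via GW is listed.
has_host_route() {
    awk -v ip="$1" -v gw="$2" '
        $1 == ip && $2 == gw && $3 == "255.255.255.255" && $4 ~ /H/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# has_static_arp IP MAC: reads `arp -an` text on stdin, succeeds if IP maps
# to MAC with the PERM flag (a manually added entry, not a learned one).
has_static_arp() {
    awk -v ip="($1)" -v mac="$(printf '%s' "$2" | tr 'a-f' 'A-F')" '
        $2 == ip && toupper($4) == mac && / PERM / { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_static_nat IP GW MAC ROUTES_TEXT ARP_TEXT
# Prints each missing prerequisite; return status is the number missing.
check_static_nat() {
    missing=0
    printf '%s\n' "$4" | has_host_route "$1" "$2" ||
        { echo "missing host route $1 via $2"; missing=$((missing + 1)); }
    printf '%s\n' "$5" | has_static_arp "$1" "$3" ||
        { echo "missing static ARP $1 -> $3"; missing=$((missing + 1)); }
    return "$missing"
}

# On a live host: check_static_nat IP GW MAC "$(route -n)" "$(arp -an)"
check_static_nat 192.168.1.68 10.1.1.9 00:00:5e:00:53:10 \
    "$SAMPLE_ROUTES" "$SAMPLE_ARP" && echo "static NAT prerequisites present"
```

Running it from a boot-time script or after each reboot shows whether the route and ARP entry survived before mail flow is tested.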
