Re: [FW-1] Static NAT issue
Hello Aeon,

try it:

About the static route, edit /etc/rc.d/rc.local and put your static routes there, something as:

    route add -host 192.168..68 gw 10..xxx.9

for line.

About the arp, the command is:

    arp -s <External IP of Natted Machine> <MAC of FW NIC> pub

Put it into /etc/rc.d/rc.local too.

I hope this helps you.

----- Original Message -----
From: "Aeon Hale" <[email protected]>
To: <[email protected]>
Sent: Thursday, November 08, 2001 6:29 AM
Subject: [FW-1] Static NAT issue

> Hello All,
>
> I need a hand with setting up a static NAT on a Redhat 7 machine.
> Everything is working perfect, Redhat 7, CPFW-1 4.1 SP3. The only thing
> not working is (well two things actually) is Static NAT. Here's the
> lowdown:
>
> I'm not the foremost authority on Linux, but I know my share. I've
> never really had to put static route entries on a Linux box before, but I
> know they needed to be added to a startup script or they are deleted
> after a reboot. I placed my static route entries in the
> /etc/sysconfig/static-routes file. Evidently, this isn't the right
> file because my routes didn't take upon a reboot. That's my first
> question, was that the correct file to change or do I need to place them
> someplace else?
>
> Second issue, I have one static NAT entry (for my SMTP server). I added
> my static route (let's use the 192.168's as example):
>
> route add -host 192.168.xxx.68 gw 10.xxx.xxx.9
>
> This took fine. I added my arp:
>
> arp -s 192.168.xxx.68 XX:XX:XX:XX:XX:XX (arp -s <External IP of Natted
> Machine> <MAC of FW NIC>)
>
> This took fine. I checked the arp table, that listing showed up. I
> created the local.arp file and placed it in the $FWDIR/state directory.
> I created the proper automatic static nat for that object, pushed
> policy, and then tried to send email. I saw the email leaving the
> firewall natting correctly with the 68 address, but I never saw traffic
> coming back. Here's the thing, I rebooted the fw (and of course manually
> added my routes back in because the static-routes file did not do that
> for me) and I checked my arp table, and the arp that I added was no
> longer there. Does linux lose that arp that I added upon a reboot also?
> Does this need to be put in a startup script also?
>
> Anyway, bottom line, I was not getting mail sent out or back in. I
> plugged the old firewall back in place (NT 4.0 CP4.1. sp3) and mail was
> immediately sent and received.
>
> Any help would be appreciated. I'm not sure what I'm forgetting.
>
> Thanks,
>
> Aeon
>
> The Dalai Lama says, "Those things which will work out, there is no use
> worrying about;
> Those things which won't work out, worrying won't help."
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
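
A check for the two pieces the reply says to put in /etc/rc.d/rc.local, as an added example that is not part of either message: it parses `route -n` and `arp -an` output for the host route and for a permanent ARP entry that is also published. The addresses, MAC values and sample outputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All addresses and MACs are constructed sample values.

# has_host_route IP GW: reads `route -n` output on stdin, succeeds if an
# up host route (flags U and H) to IP via GW exists.
has_host_route() {
    awk -v ip="$1" -v gw="$2" '
        $1 == ip && $2 == gw && $4 ~ /U/ && $4 ~ /H/ { found = 1 }
        END { exit !found }'
}

# has_pub_arp IP: reads `arp -an` output on stdin, succeeds if IP has a
# permanent entry that is also published (added with the `pub` keyword).
has_pub_arp() {
    awk -v ip="($1)" '
        $2 == ip && / PERM/ && / PUB/ { found = 1 }
        END { exit !found }'
}

# check_static_nat IP GW ROUTES ARPTABLE: prints the command for each
# missing piece and returns how many are missing (0 = both present).
check_static_nat() {
    missing=0
    printf '%s\n' "$3" | has_host_route "$1" "$2" ||
        { echo "missing: route add -host $1 gw $2"; missing=$((missing + 1)); }
    printf '%s\n' "$4" | has_pub_arp "$1" ||
        { echo "missing: arp -s $1 <MAC of FW NIC> pub"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample: state after a reboot with nothing in rc.local.
ROUTES_REBOOT='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'
ARP_REBOOT='? (192.168.1.1) at 00:00:5E:00:53:01 [ether] on eth0'
# Constructed sample: entry added with `arp -s` but without `pub`.
ARP_NO_PUB="$ARP_REBOOT
? (192.168.1.68) at 00:00:5E:00:53:02 [ether] PERM on eth0"
# Constructed sample: both commands from rc.local applied.
ROUTES_OK="$ROUTES_REBOOT
192.168.1.68    10.1.1.9        255.255.255.255 UGH   0      0        0 eth1"
ARP_OK="$ARP_REBOOT
? (192.168.1.68) at 00:00:5E:00:53:02 [ether] PERM PUB on eth0"

# On a live firewall: check_static_nat IP GW "$(route -n)" "$(arp -an)"
check_static_nat 192.168.1.68 10.1.1.9 "$ROUTES_REBOOT" "$ARP_NO_PUB" ||
    echo "$? item(s) to add to /etc/rc.d/rc.local"
```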