
Re: [FW-1] Static NAT issue



Hello Aeon,

Try this:
About the static route: edit /etc/rc.d/rc.local and put your static
routes there, something like:
route add -host 192.168.xxx.68 gw 10.xxx.xxx.9
one per line.

About the ARP, the command is:
arp -s <External IP of Natted Machine> <MAC of FW NIC> pub

Put it into /etc/rc.d/rc.local too.

I hope this helps you.


----- Original Message -----
From: "Aeon Hale" <[email protected]>
To: <[email protected]>
Sent: Thursday, November 08, 2001 6:29 AM
Subject: [FW-1] Static NAT issue


> Hello All,
>
> I need a hand with setting up a static NAT on a Redhat 7 machine.
> Everything is working perfect, Redhat 7, CPFW-1 4.1 SP3.  The only thing
> not working is (well two things actually) is Static NAT.  Here's the
> lowdown:
>
> I'm not the foremost authority on Linux, but I know my share.  I've
> never really had to put static route entries on a Linux box before, but I
> know they needed to be added to a startup script or they are deleted
> after a reboot.  I placed my static route entries in the
> /etc/sysconfig/static-routes file.  Evidently, this isn't the right
> file because my routes didn't take upon a reboot.  That's my first
> question, was that the correct file to change or do I need to place them
> someplace else?
>
> Second issue, I have one static NAT entry (for my SMTP server).  I added
> my static route (let's use the 192.168's as example):
>
> route add -host 192.168.xxx.68 gw 10.xxx.xxx.9
>
> This took fine.  I added my arp:
>
> arp -s 192.168.xxx.68 XX:XX:XX:XX:XX:XX  (arp -s <External IP of Natted
> Machine> <MAC of FW NIC>)
>
> This took fine.  I checked the arp table, that listing showed up.  I
> created the local.arp file and placed it in the $FWDIR/state directory.
> I created the proper automatic static nat for that object, pushed
> policy, and then tried to send email.  I saw the email leaving the
> firewall natting correctly with the 68 address, but I never saw traffic
> coming back.  Here's the thing, I rebooted the fw (and of course manually
> added my routes back in because the static-routes file did not do that
> for me) and I checked my arp table, and the arp that I added was no
> longer there.  Does Linux lose that arp that I added upon a reboot also?
> Does this need to be put in a startup script also?
>
> Anyway, bottom line, I was not getting mail sent out or back in.  I
> plugged the old firewall back in place (NT 4.0 CP4.1. sp3) and mail was
> immediately sent and received.
>
> Any help would be appreciated. I'm not sure what I'm forgetting.
>
> Thanks,
>
> Aeon
>
> The Dalai Lama says, "Those things which will work out, there is no use
> worrying about;
>  Those things which won't work out, worrying won't help."
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================

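
The two arp -s commands in this thread differ only in the trailing pub, which publishes the entry so the firewall answers ARP requests for the NAT address instead of merely holding a static mapping. As an added example (not part of the original messages), this shell script validates the addresses, emits the two rc.local lines from the reply, and flags arp -s lines that lack pub; the function names and the sample addresses (documentation ranges) are constructed.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed, not from the thread.

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_mac ADDR: succeed only for six colon-separated hex bytes.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# nat_boot_lines NAT_IP GATEWAY FW_MAC: print the host route and the
# published (proxy) ARP entry for one static NAT address, in the form
# given in the reply. Prints nothing and fails on malformed input.
nat_boot_lines() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_mac "$3" || return 1
    echo "route add -host $1 gw $2"
    echo "arp -s $1 $3 pub"
}

# unpublished_arp_lines FILE: print every "arp -s" line that has no
# "pub" flag, i.e. entries the firewall will not answer ARP requests for.
unpublished_arp_lines() {
    grep -E '^[[:space:]]*arp[[:space:]]+-s[[:space:]]' "$1" |
        grep -Ev '[[:space:]]pub([[:space:]]|$)' || true
}

# Constructed sample: one generated pair plus one hand-written line
# where pub was forgotten; only the latter is reported.
demo() {
    tmp=$(mktemp)
    {
        nat_boot_lines 192.0.2.68 10.0.0.9 00:00:5E:00:53:01
        echo "arp -s 192.0.2.69 00:00:5E:00:53:01"
    } > "$tmp"
    unpublished_arp_lines "$tmp"
    rm -f "$tmp"
}
demo
```

Running unpublished_arp_lines against the real /etc/rc.d/rc.local after editing it shows any NAT address whose ARP entry would not be published at boot.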



   All contents © 2004 Network Presence, LLC. All rights reserved.