[FW-1] NAT Based on Service with only one legal IP
Dear all,

I need to set up a Checkpoint "NG" (NT) for a network, but the external interface has only 1 IP. There are two servers behind the "NG", one mail server and one file server.

A. External SecuRemote users will access the internal file server, provided the internal file server will not do any static NAT.
B. The internal mail server will receive SMTP mail at port 25 and host an HTTP service at port 80.

What I have tried:

1. If I do static NAT on the internal mail server object, then the SecuRemote client fails to connect anymore. It meets requirement B, but A fails.
2. Otherwise, if I don't do static NAT, SecuRemote users can connect and access the internal file server.

According to phoneboy, http://www.phoneboy.com/faq/0428.html , I should be able to forward only ports 25 and 80 from "NG" to the internal mail server. I followed the FAQ to make sure "Perform destination translation on the client side" is checked, and the following manually added NAT rules were added before the automatically added hide NAT rules.

    Original                          Translated
    Source  Destination  Service      Source  Destination  Service
    Any     firewallNG   SMTP         Any     int_mailsrv  Original
    Any     firewallNG   HTTP         Any     int_mailsrv  Original

It didn't work. If I access port 25 from the internet, the log viewer shows that the firewall has ACCEPTED the "source" internet IP to access the "destination" firewallNG at "service" SMTP. The destination still shows firewallNG and it just can't reach the internal mail server's SMTP port.

Any help is welcome.

andrew.