Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Static NAT in NT

To: [email protected]
Subject: Re: [FW-1] Static NAT in NT
From: Symon Thurlow <[email protected]>
Date: Sat, 2 Feb 2002 06:51:29 +1230
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: IMHO/0.98.2 (Webmail for Roxen)

Ah, good point. As you have a new nat address, you need to ammend anti
spoof object.

Are you logging implied rules?

Symon

-------------------
> Hi,
> some ideas that might help for your static NAT problem
> - the static rule is before the hide rule, right?
> - local.arp correct interface, correct form (ip m-a-c), and correct
filename
> (case sensitive)?
> - after changes in local.arp FW restarted?
> - Anti-Spoofing ok?
> Hope it helps,
> best regards,
> Matthias
> http://www.fw-1.de
>
> Don wrote:
>
> > What version of Firewall-1 is this?
> >
> > > Hey everyone, I need somebody to confirm that I'm not going
crazy.  I
> > > setup a FW machine for a client.  Real basic setup.  Running NT,
FW-1
> > > 4.1 sp3.  2 Nics, one internal net, one external.  All users are
HIDE
> > > NAT but wants me to static NAT one address for a test exchange
server on
> > > internal net (yes, I know, shouldn't have it on internal net).
This
> > > setup isn't hard by all means.  Basically,
> > >
> > > 1.  Add NAT rules
> > > 2.  Add static route
> > > 3.  Add arp entry
> > > 4.  Create local.arp in state directory
> > >
> > >
> > > Well, I've created automatic and then manual NAT
rules....doesn't work
> > > I've put static routes...doesn't work
> > > i've added arp entries...doesn't work
> > > local.arp file is there...doesn't work.
> > >
> > >
> > > That exchange server will not get passed the firewall.  I look
at the
> > > logs and they say that they are translating the address (i.e
source
> > > 10.x.x.x Xlated source 209.x.x.x) but gets nowhere.  That
machine cannot
> > > even ping the internet router (default gateway for firewall) but
all
> > > other machines can.
> > >
> > > What am I missing?  Ive set this up a million times.  Even more
weird,
> > > his current FW is the same setup, NT, 2 nics, FW-1 4.1 but on a
slower
> > > machine but NATS perfect.  I've compared the two boxes and I
cannot see
> > > what the differences are...
> > >
> > > Any help would be great.
> > >
> > > Thanks,..
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
>
> --
> AERAsec Network Services and Security GmbH
> Wagenberger Straße 1
> D-85662 Hohenbrunn, Germany
> http://www.aerasec.de
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
Cheers,

Symon

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Static NAT in NT
  - From: Matthias Leu <[email protected]>

Prev by Date: [FW-1] CVP connection problem using NAVFW
Next by Date: Re: [FW-1] Static NAT in NT
Previous by thread: Re: [FW-1] Static NAT in NT
Next by thread: Re: [FW-1] Static NAT in NT
Index(es):
- Date
- Thread