
Re: [FW-1] Static NAT in NT



> that mail server cannot be reached from internet,
(do you see traffic coming to your firewall?)
> nor can it reach the internet
(do you see in the logs that the mail server gets address translated properly?)

> Should I flush the arps on the switch?
Flush the switch; better yet, put the firewall interfaces on an unmanaged hub
(the dumber the device the better).

Pete

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Aeon Hale
Sent: Friday, February 01, 2002 12:51 PM
To: [email protected]
Subject: Re: [FW-1] Static NAT in NT


Ok, here's what I have:

internal addy 10.1.5.x
external addy 209.x.x.x

route add -p 209.x.x.x 10.1.5.x
arp -s 209.x.x.x [MAC of FW]

local.arp:
209.x.x.x [MAC of FW]

NAT RULE:
    source      des.        serv.   xlate src.  xlated des.  service

1.  internal    any         any     external    orig         orig
2.  any         external    any     orig        internal     orig
3.  HIDE NAT RULES

RULEBASE RULE:

1.  any         mailserver  SMTP    accept      long


I've manually created NAT rules as well as tried automatic.  Neither
works.  My client's current firewall is up and running with the same
exact IPs and configs, but when I put this new FW in place (and bring
the other one offline) that mail server cannot be reached from internet,
nor can it reach the internet.  The external interface plugs into a
Cisco Cat Switch.  Would its arp tables be causing any issues?  Should
I flush the arps on the switch?



-----Original Message-----
From: Symon Thurlow [mailto:[email protected]]
Sent: Friday, February 01, 2002 1:20 PM
To: [email protected]
Subject: Re: [FW-1] Static NAT in NT


Have you got your NATs around the wrong way? You mention below source
10.x xlated src 209.x

Surely you mean the other way around.

Also, do you have your static NAT rule above your internal hide rule?

Are you sure that the external address you are NATing is correct as
far as networks go etc?

Symon

-------------------
> 4.1 sp3
>
>
>
> -----Original Message-----
> From: Don [mailto:[email protected]]
> Sent: Friday, February 01, 2002 9:46 AM
> To: [email protected]
> Subject: Re: [FW-1] Static NAT in NT
>
>
> What version of Firewall-1 is this?
>
> > Hey everyone, I need somebody to confirm that I'm not going crazy.  I
> > setup a FW machine for a client.  Real basic setup.  Running NT, FW-1
> > 4.1 sp3.  2 Nics, one internal net, one external.  All users are HIDE
> > NAT but wants me to static NAT one address for a test exchange server on
> > internal net (yes, I know, shouldn't have it on internal net).  This
> > setup isn't hard by all means.  Basically,
> >
> > 1.  Add NAT rules
> > 2.  Add static route
> > 3.  Add arp entry
> > 4.  Create local.arp in state directory
> >
> >
> > Well, I've created automatic and then manual NAT rules....doesn't work
> > I've put static routes...doesn't work
> > I've added arp entries...doesn't work
> > local.arp file is there...doesn't work.
> >
> >
> > That exchange server will not get past the firewall.  I look at the
> > logs and they say that they are translating the address (i.e. source
> > 10.x.x.x Xlated source 209.x.x.x) but gets nowhere.  That machine cannot
> > even ping the internet router (default gateway for firewall) but all
> > other machines can.
> >
> > What am I missing?  I've set this up a million times.  Even more weird,
> > his current FW is the same setup, NT, 2 nics, FW-1 4.1 but on a slower
> > machine but NATS perfect.  I've compared the two boxes and I cannot see
> > what the differences are...
> >
> > Any help would be great.
> >
> > Thanks,..
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
Cheers,

Symon
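
The rule-ordering question raised in the thread (static NAT above or below the internal hide rule) can be seen in a simplified first-match model. This is an added example, not part of the original messages and not FireWall-1's own engine; the addresses are constructed placeholders for the elided 10.1.5.x and 209.x.x.x, and `NatRule` and `translate` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder addresses; the thread elides the real ones.
MAIL_INT = "10.1.5.25"      # stands in for the internal 10.1.5.x host
MAIL_EXT = "203.0.113.25"   # stands in for the external 209.x.x.x address
FW_EXT = "203.0.113.1"      # assumed hide address (firewall external interface)
REMOTE = "198.51.100.7"     # constructed internet host


@dataclass
class NatRule:
    name: str
    src: str                          # host, network, or "any"
    dst: str
    xlate_src: Optional[str] = None   # None means "orig" (leave unchanged)
    xlate_dst: Optional[str] = None


def _match(addr: str, spec: str) -> bool:
    net = "0.0.0.0/0" if spec == "any" else spec
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def translate(rules, src, dst):
    """Assumed first-match evaluation: return (rule name, new src, new dst)."""
    for r in rules:
        if _match(src, r.src) and _match(dst, r.dst):
            return r.name, r.xlate_src or src, r.xlate_dst or dst
    return None, src, dst


# The two manual static rules from the thread, plus the hide rule for the LAN.
STATIC_OUT = NatRule("static-out", MAIL_INT, "any", xlate_src=MAIL_EXT)
STATIC_IN = NatRule("static-in", "any", MAIL_EXT, xlate_dst=MAIL_INT)
HIDE = NatRule("hide", "10.1.5.0/24", "any", xlate_src=FW_EXT)

GOOD_ORDER = [STATIC_OUT, STATIC_IN, HIDE]   # static above hide
BAD_ORDER = [HIDE, STATIC_OUT, STATIC_IN]    # hide above static

if __name__ == "__main__":
    for label, rules in (("static above hide", GOOD_ORDER),
                         ("hide above static", BAD_ORDER)):
        print(label)
        print("  outbound:", translate(rules, MAIL_INT, REMOTE))
        print("  inbound: ", translate(rules, REMOTE, MAIL_EXT))
```

With the hide rule first, the mail server's outbound traffic leaves with the hide address rather than its static address, while inbound translation is unaffected, so the two directions no longer use the same external address.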
