Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Static NAT in NT

To: [email protected]
Subject: Re: [FW-1] Static NAT in NT
From: Bill McCabe <[email protected]>
Date: Mon, 4 Feb 2002 11:57:14 -0500
In-reply-to: <6FEBF693C9AED3119F370004AC96C81A5C127D@POBLANO>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

The default gateway has to be correct on the mail server or it wouldn't be
hitting the firewall. I'd check the ARP cache on the router and see if it's
picking up the association. If you're controlling the router config, then
just put the static arp entry there instead of depending on local.arp to
work. It's very quirky. I've had it accept three but not four assignments,
and it fusses over blink lines.

At 9:58 AM -0600 2/4/02, Randy Allen wrote:
>
>
>Have you checked your default gateway on the mail server?
>
>
>-----Original Message-----
>From: Aeon Hale
>[<mailto:[email protected]>mailto:[email protected]]
>Sent: Friday, February 01, 2002 7:32 AM
>To: [email protected]
>Subject: [FW-1] Static NAT in NT
>
>
>Hey everyone, I need somebody to confirm that I'm not going crazy.  I
>setup a FW machine for a client.  Real basic setup.  Running NT, FW-1
>4.1 sp3.  2 Nics, one internal net, one external.  All users are HIDE
>NAT but wants me to static NAT one address for a test exchange server on
>internal net (yes, I know, shouldn't have it on internal net).  This
>setup isn't hard by all means.  Basically,
>
>
>1.  Add NAT rules
>2.  Add static route
>3.  Add arp entry
>4.  Create local.arp in state directory
>
>
>
>Well, I've created automatic and then manual NAT rules....doesn't work
>I've put static routes...doesn't work
>i've added arp entries...doesn't work
>local.arp file is there...doesn't work.
>
>
>
>That exchange server will not get passed the firewall.  I look at the
>logs and they say that they are translating the address (i.e source
>10.x.x.x Xlated source 209.x.x.x) but gets nowhere.  That machine cannot
>even ping the internet router (default gateway for firewall) but all
>other machines can.
>
>
>What am I missing?  Ive set this up a million times.  Even more weird,
>his current FW is the same setup, NT, 2 nics, FW-1 4.1 but on a slower
>machine but NATS perfect.  I've compared the two boxes and I cannot see
>what the differences are...
>
>
>Any help would be great.
>
>
>Thanks,..
>
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
><http://www.checkpoint.com/services/mailing.html>http://www.checkpoint.com/serv
>ices/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
>
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Static NAT in NT
  - From: Randy Allen <[email protected]>

Prev by Date: [FW-1] Hide NAT depending on destination
Next by Date: Re: [FW-1] 1Gb throughput?
Previous by thread: Re: [FW-1] Static NAT in NT
Next by thread: Re: [FW-1] Static NAT in NT
Index(es):
- Date
- Thread