Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Static NAT and Port Translation

To: [email protected]
Subject: Re: [FW-1] Static NAT and Port Translation
From: "Melcher, Andrew" <[email protected]>
Date: Thu, 7 Feb 2002 10:50:17 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

That is a feature of NAT.  The port 55000 etc. is a designation of the
computer path.  Think about the confusion the router/FW would have if two or
more machines internally used the same protocol to NAT to the outside.  The
responses from the outside will both come to the router/FW designating
209.124.222.1\161 and which machine does the router/FW send it to? For more
info as a start here are a couple urls:
http://www.vicomsoft.com/index.html?page=http://www.vicomsoft.com/knowledge/
reference/nat.html*track=internal

http://www.cisco.com/warp/public/732/nat/

-----Original Message-----
From: Leo Badinger [mailto:[email protected]]
Sent: Thursday, February 07, 2002 9:30 AM
To: [email protected]
Subject: [FW-1] Static NAT and Port Translation


I'm running FW-1 Version 4.0 on NT 4.0

I currently have an internal host using a private address 192.168.1.1. I
have this host setup to use Static NAT to the external address
209.124.222.1. It appears as though the firewall is translating the port
numbers as well as the IP address. Is this normal?  If I capture packets on
the dmz segment and issue an snmpget command from my internal host to an
internet host I see the translated IP address but the SNMP ports it's using
are 55000, 56,000 etc.  Is there a way to make it use the original port
(161) and not translate that?

Thanks.

Leo Badinger

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] 255.255.255.255 as source IP
Next by Date: Re: [FW-1] FW-1 Logging Inconsistencies
Previous by thread: Re: [FW-1] Static NAT and Port Translation
Next by thread: Re: [FW-1] Static NAT and Port Translation
Index(es):
- Date
- Thread