Re: [FW-1] NAT first or Route first?
> Question for the masses: On FW-1 v4.1, running on Windows NT 4.0, which
> gets done first: NAT or OS routing? I can't see how you can do routing
> first (since the source or destination of the packet may change during NAT),
> but I have an odd situation on my hands suggesting that the NAT is being
> done afterwards.

OS Routing is done first. This is the reason that you need to add routes when doing static NAT with CheckPoint. Static NAT will not work unless the router knows to send data for the NAT'd address through the firewall, either through a static ARP entry on the router or through proxy ARP on the firewall. The firewall itself needs a route to the public address through the internal address, otherwise the traffic gets routed the wrong way. Finally, you need to configure NAT in CheckPoint itself.

NG has an option to switch this behavior and do NAT first.

You may want to pick up Dameon D. Welch-Abernathy's book "Essential CheckPoint Firewall-1" which explains NAT and CheckPoint very clearly.

-Don
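The ordering described in the reply above, as an added example that is not part of the original post: a simplified model of an inbound packet to a statically NAT'd address, comparing route-first with and without the host route against NAT-first. The addresses, route table and function names are constructed for illustration and are not FW-1 configuration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the post).
PUBLIC, PRIVATE = "192.0.2.10", "10.1.1.10"
STATIC_NAT = {PUBLIC: PRIVATE}            # destination static NAT mapping
BASE_ROUTES = [                           # (prefix, interface, gateway)
    ("192.0.2.0/24", "external", None),   # directly connected outside network
    ("10.1.1.0/24", "internal", None),    # directly connected inside network
    ("0.0.0.0/0", "external", "192.0.2.254"),
]
# The host route the reply calls for: public address via the internal address.
HOST_ROUTE = ("192.0.2.10/32", "internal", PRIVATE)


def route_lookup(routes, dst):
    """Longest-prefix match, as the OS routing table would do it."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i, g) for p, i, g in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, iface, gateway = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gateway


def forward(routes, dst, nat_first=False):
    """Return (egress interface, next hop, destination after NAT)."""
    if nat_first:                         # translate before the routing decision
        dst = STATIC_NAT.get(dst, dst)
    iface, gateway = route_lookup(routes, dst)
    next_hop = gateway or dst             # directly connected: next hop is dst
    return iface, next_hop, STATIC_NAT.get(dst, dst)


if __name__ == "__main__":
    # Route first, no host route: the packet is sent back out the outside interface.
    print(forward(BASE_ROUTES, PUBLIC))
    # Route first with the host route: the packet egresses toward the server.
    print(forward(BASE_ROUTES + [HOST_ROUTE], PUBLIC))
    # NAT first: the private address is routed, so no host route is needed.
    print(forward(BASE_ROUTES, PUBLIC, nat_first=True))
```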