Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] redirection

To: [email protected]
Subject: Re: [FW-1] redirection
From: Dale Wilson <[email protected]>
Date: Thu, 28 Feb 2002 16:07:24 +0000
In-reply-to: <[email protected] ra>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Check Point seems only capable of fairly simple routing rules, and doesn't
appear to support transparent proxying. The trouble is that you can't
create a NAT rule where the number of addresses in the original destination
doesn't match the number of addresses in the translated destination (you
get a 'Cannot compute the range size' or ' The range size of Original and
Translated columns must be the same' error). There has to be a one to one
relationship between original and translated addresses. Hence you can't map
all connections to port 80 destined for any address to port 8080 on your
proxy server. You will have to perform the redirect on the operating system
level. Windows 2000, however, doesn't appear to support this (I did look
very hard though). Linux, on the other hand, has supported this since about
1996, so if this is really important to you consider switching to Linux.

If Check Point ever get rid of this restriction, the NAT rule you want
would be as follows:
Orig Source: YourNetwork (except HttpProxyServer)
Orig Dest: Any
Orig Service: TCP http
Trans Source: = Original
Trans Dest: HttpProxyServer
Trans Service: TCP 8080

At 16:11 28/02/2002 +0200, Haim Chibotero wrote:

Hi all
how can I make a rule so all my clients in the LAN will be redirected when
they use http to a proxy server, I don't want to change nothing on the
client side
like I want when they use http that it will redirect to 192.168.1.10:8080
and from there the proxy will do the job

Thanks in advance

btw I am using CP 4.1 + sp5 on w2k platform !

Haim Chibotero
IT       Manager
     MaxBill
T:+972 3 9114000
F:+972 3 9114001
C:+972 54 930384
<http://www.maxbill.com/>www.maxbill.com


=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Nimda rule (URI resource matching) makes file-uploadin g fail
Next by Date: Re: [FW-1] Nimda rule (URI resource matching) makes file-uploading fail
Previous by thread: Re: [FW-1] redirection
Next by thread: Re: [FW-1] redirection
Index(es):
- Date
- Thread