Re: [FW-1] redirection
Check Point seems only capable of fairly simple routing rules, and doesn't appear to support transparent proxying. The trouble is that you can't create a NAT rule where the number of addresses in the original destination doesn't match the number of addresses in the translated destination (you get a 'Cannot compute the range size' or 'The range size of Original and Translated columns must be the same' error). There has to be a one to one relationship between original and translated addresses. Hence you can't map all connections to port 80 destined for any address to port 8080 on your proxy server.

You will have to perform the redirect on the operating system level. Windows 2000, however, doesn't appear to support this (I did look very hard though). Linux, on the other hand, has supported this since about 1996, so if this is really important to you consider switching to Linux.

If Check Point ever get rid of this restriction, the NAT rule you want would be as follows:

Orig Source: YourNetwork (except HttpProxyServer)
Orig Dest: Any
Orig Service: TCP http
Trans Source: = Original
Trans Dest: HttpProxyServer
Trans Service: TCP 8080

At 16:11 28/02/2002 +0200, Haim Chibotero wrote:
> Hi all
> how can I make a rule so all my clients in the LAN will be redirected when they use http to a proxy server, I don't want to change nothing on the client side
> like I want when they use http that it will redirect to 192.168.1.10:8080 and from there the proxy will do the job
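The operating-system-level redirect mentioned in the reply, sketched for a Linux gateway with iptables. This is an added example, not part of the original message; the proxy address and port come from the question, while the interface name `eth0`, the network `192.168.1.0/24`, the gateway address `192.168.1.1` and the helper names `run` and `redirect_rules` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values are marked; only the proxy address and port
# come from the original question.
LAN_IF="${LAN_IF:-eth0}"               # assumed: gateway's LAN-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed: client network
GW_IP="${GW_IP:-192.168.1.1}"          # assumed: gateway's own LAN address
PROXY_IP="${PROXY_IP:-192.168.1.10}"   # from the question
PROXY_PORT="${PROXY_PORT:-8080}"       # from the question
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = apply (root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

redirect_rules() {
    # Orig Source: LAN except the proxy; Orig Dest: Any; Orig Service: http
    # Trans Dest: proxy; Trans Service: 8080
    run iptables -t nat -A PREROUTING -i "$LAN_IF" ! -s "$PROXY_IP" \
        -p tcp --dport 80 -j DNAT --to-destination "$PROXY_IP:$PROXY_PORT"
    # The proxy sits on the same subnet as the clients, so without this rule
    # it would answer them directly and the replies would bypass the NAT.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" \
        -d "$PROXY_IP" -p tcp --dport "$PROXY_PORT" -j SNAT --to-source "$GW_IP"
    # Permit the redirected connections through the gateway.
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$PROXY_IP" \
        -p tcp --dport "$PROXY_PORT" -j ACCEPT
}

redirect_rules
```

The proxy has to accept intercepted requests, because clients that believe they are talking to the origin server send a relative URL plus a Host header rather than a full proxy-style URL. With the SNAT rule in place the proxy's logs show the gateway address instead of the individual client.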