[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NAT w/ Multiple External IP's
Title: NAT w/ Multiple External IP's Yes,
you can do that with Firewall-1; you'll just need a device on your internal
segment that's capable of routing. Please note that you will need to
choose an IP other than the real IP of your firewall, and proxy arp (published
arp) that address on the external interface of your firewall (please re-post if
you need to use the external interface of the firewall, and we can talk about
security servers).
When
you specify the route on your firewall, specify the routing-capable device on
your internal network as
the next hop (e.g. in Solaris: "route add -host 216.75.169.101
192.168.1.10", where 192.168.1.10 is a Cisco router or forwarding-enabled NT
server on the internal network).
In
your NAT rulebase, specify the static NATs inbound as
follows:
Orig
src: any
Orig
dst: Outside-IP
Orig
svc: http
Trans
src: orig
Trans
dst: static (machine1)
Trans
svc: orig
Orig
src: any
Orig
dst: Outside-IP
Orig
svc: smtp
Trans
src: orig
Trans
dst: static (machine2)
Trans
svc: orig
That's
a pretty brief overview; please re-post if you need more details. Good
luck!
Dan
-----Original Message-----
From: Steve Antoniewicz [mailto:[email protected]] Sent: Tuesday, March 12, 2002 10:08 AM To: [email protected] Subject: [FW-1] NAT w/ Multiple External IP's
|