Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT w/ Multiple External IP's

To: [email protected]
Subject: Re: [FW-1] NAT w/ Multiple External IP's
From: Dan Hitchcock <[email protected]>
Date: Tue, 12 Mar 2002 14:26:15 -0800
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Title: NAT w/ Multiple External IP's

Yes, you can do that with Firewall-1; you'll just need a device on your internal segment that's capable of routing. Please note that you will need to choose an IP other than the real IP of your firewall, and proxy arp (published arp) that address on the external interface of your firewall (please re-post if you need to use the external interface of the firewall, and we can talk about security servers).

When you specify the route on your firewall, specify the routing-capable device on your internal network as the next hop (e.g. in Solaris: "route add -host 216.75.169.101 192.168.1.10", where 192.168.1.10 is a Cisco router or forwarding-enabled NT server on the internal network).

In your NAT rulebase, specify the static NATs inbound as follows:

Orig src: any

Orig dst: Outside-IP

Orig svc: http

Trans src: orig

Trans dst: static (machine1)

Trans svc: orig

Orig src: any

Orig dst: Outside-IP

Orig svc: smtp

Trans src: orig

Trans dst: static (machine2)

Trans svc: orig

That's a pretty brief overview; please re-post if you need more details. Good luck!

Dan

-----Original Message-----
From: Steve Antoniewicz [mailto:[email protected]]
Sent: Tuesday, March 12, 2002 10:08 AM
To: [email protected]
Subject: [FW-1] NAT w/ Multiple External IP's

What is the best way to configure NAT on IPSO and IP330 so that I can have 1 real IP for the NAT pool, and several real IP's that map to different ports on the private network.

For example:

216.75.169.100 - Ethernet interface of router to internet
             |
             |
             |
216.75.169.101 - External interface of IP330
             |
192.168.1.1 - Internal Interface of IP330
             |
             |
             |
             |
      |--------------|
      |              |
Machine1     Machine2
HTTP 80         POP3 110
                     SMTP 25

Machine 1 External IP is 216.75.169.102:80 and internal IP is 192.168.1.2:80

Machine 2 External IP is 216.75.169.102:110 and internal IP is 192.168.1.3:110
Machine 2 External IP is 216.75.169.103:25 and internal IP is 192.168.1.3:25

Catch my drift?
Can this type of Port Address Translation be accomplished with Firewall - 1?

If not, my cisco box can do it, but how will the firewall allow the traffic in?

--Steve

Prev by Date: [FW-1] NG error message (inside DAG_range)
Next by Date: [FW-1] VPN <-> Netscreen - 2 questions
Previous by thread: [FW-1] NAT w/ Multiple External IP's
Next by thread: [FW-1] dbedit in NG
Index(es):
- Date
- Thread