
Re: [FW-1] NAT of snmp packets



It is doing static NAT.
This is the situation: a snoop on the internal host. Its public IP is
213.69.69.69

njtmrro1 -> 213.69.69.69 UDP D=162 S=161 LEN=99
njtmrro1 -> 213.69.69.69  UDP D=162 S=161 LEN=153
njtmrro1 -> gesti     UDP D=162 S=161 LEN=99
njtmrro1 -> gesti     UDP D=162 S=161 LEN=153


gesti is the internal IP, and 213.69.69.69 the external (NAT) IP. Approximately 60% of the snmp packets are NATed, but the other 40% are not NATed, yet the firewall accepts and redirects these packets without problem.


njtmrro1 ============================> Firewall =======================================> gesti

njtmrro1: snmp packets (traps) to 213.69.69.69
Firewall: NAT or not NAT?, that's the question
gesti: IP=192.168.1.4

We have Firewall-1 with 4.1 SP5 over Solaris 7

Rafael Vida


Carlos Roque wrote:


Is the firewall doing Hide NAT or Static NAT?
If the SNMP server is behind the firewall with an invalid address, you need
to double check the NAT rules. If the SNMP server is translated with static
NAT make sure the host sending the snmp packets is using the correct IP
address (Static translated IP address).


Carlos Roque Network Consultant CCSA GlobalNetwork Technology Services, L.A.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Rafael
Vida
Sent: Wednesday, April 10, 2002 3:20 AM
To: [email protected]
Subject: [FW-1] NAT of snmp packets

Hi.
We have a problem with NAT and snmp packets.
There are a lot of snmp packets (20%) that the firewall accepts, but it
doesn't do the NAT translation.
When an snmp packet arrives at the firewall, the destination address is
false, the firewall accepts the packet, and when these packets arrive at
the destination host, there are a few packets with the invalid address.
Do you know this problem?
Thanks in advance.


Rafael Vida Security Manager CEI, Ing. OSS. Telefónica Data España

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
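
An added example, not part of the original thread or of any Check Point tooling: a small parser that measures the symptom described above from a snoop capture taken on the internal host, counting trap packets (UDP destination port 162) whose destination is still the public static-NAT address versus the internal host. The function names are hypothetical; the first four sample lines are the ones quoted in the thread and the fifth is constructed.

```python
import re
from collections import Counter

# First four lines are quoted from the thread; the last one is constructed
# to show that non-trap traffic is ignored.
SAMPLE = """\
njtmrro1 -> 213.69.69.69 UDP D=162 S=161 LEN=99
njtmrro1 -> 213.69.69.69  UDP D=162 S=161 LEN=153
njtmrro1 -> gesti     UDP D=162 S=161 LEN=99
njtmrro1 -> gesti     UDP D=162 S=161 LEN=153
njtmrro1 -> gesti     UDP D=514 S=514 LEN=80
"""

# snoop summary line: "<src> -> <dst> UDP D=<dport> S=<sport> LEN=<len>"
LINE = re.compile(
    r"^\s*(\S+)\s+->\s+(\S+)\s+UDP\s+D=(\d+)\s+S=(\d+)\s+LEN=(\d+)\s*$"
)


def classify_traps(text, public_ip, internal_names, trap_port=162):
    """Per source host, count traps by whether the destination was translated."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip headers, non-UDP lines, blank lines
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if dport != trap_port:
            continue
        if dst == public_ip:
            kind = "untranslated"   # still addressed to the NAT address
        elif dst in internal_names:
            kind = "translated"     # rewritten to the internal host
        else:
            kind = "other"
        stats.setdefault(src, Counter())[kind] += 1
    return stats


def untranslated_ratio(counter):
    """Fraction of traps that reached the inside without NAT applied."""
    total = counter["translated"] + counter["untranslated"]
    return counter["untranslated"] / total if total else 0.0


if __name__ == "__main__":
    for src, c in classify_traps(SAMPLE, "213.69.69.69",
                                 {"gesti", "192.168.1.4"}).items():
        print(src, dict(c), f"untranslated={untranslated_ratio(c):.0%}")
```

Passing both the resolved hostname and the numeric internal address covers captures taken with and without name resolution.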

   All contents © 2004 Network Presence, LLC. All rights reserved.