
Re: [FW-1] NAT and Security



This is how I got it to work with the firewall module running on solaris:

1) create object for webserver, using the internal address on the General
Tab.  On the NAT tab, select Static and in the valid ip address enter your
external ip address.

2) In security policy, add rule source->Any, destination-> object created in
step #1, service http/https, action -> accept

3) save/install new policy

4) on firewall, add route to host; ex: /usr/sbin/route add <external ip>
<internal ip> 1

5) you may need to add an arp statement so the system will answer for the
external ip address, example: arp -s <external ip> <mac address of external
interface> pub  ** We did not have to do this because all packets associated
with our external interface's subnet are forwarded to him by the router.

6)  make sure you add the route and arp statements to a startup script so
they get reapplied each time you reboot your server.  All I did was create a
S97rc.local script in /etc/rc3.d .


 -----Original Message-----
From: Joe Bloggs [mailto:[email protected]]
Sent: Friday, April 12, 2002 7:05 AM
To: [email protected]
Subject: Re: [FW-1] NAT and Security



Use the destination as webserver_int. You'll also need to configure it as a
static NAT. Also, if you're running it on NT, you'll need to create a local.arp
file, enter the MAC + IP of the external int of your fw, then add a static
route to your server from ext addr to int addr.

:-)

----- Original Message -----

From: Joao Coimbra <mailto:[email protected]>
To: [email protected]
<mailto:[email protected]>
Sent: Friday, April 12, 2002 11:12 AM
Subject: [FW-1] NAT and Security


Dear All,

I have one question about address translation and security.

If I have the following situation:

webserver_int - 192.168.10.10
webserver_ext - 200.200.201.12 (www.ez.com)

I have created the NAT for those addresses, and I will have to configure the
security.

On the security tab, which way must I configure it, A or B:

A)
source: any
Destination: 200.200.201.12 (external)
Service: http
Action: Accept

Or

B)
source: any
Destination: 192.168.10.10 (internal)
Service: http
Action: Accept

Is it necessary to create a rule with the internal, external or both addresses?

Thanks a lot!!!
Best Regards for all.



João Coimbra --> Technical Management - MCSE / ASE
--> [email protected]
-------------------------------------------------------------------------------
Phone: +55 11 3365-0305 - Fax: +55 11 3365-0319
-------------------------------------------------------------------------------
EZTrade --> We transform your business into e-business
--> www.eztrade.com.br
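
Steps 4 to 6 of the first reply, sketched as a boot script. This is an added example, not part of any message in the thread: it uses the addresses from the original question, a constructed placeholder MAC, hypothetical function names and a hypothetical DRY_RUN switch, and assumes a POSIX-compatible /bin/sh. It validates the values before touching the routing or ARP tables, so a typo in the file cannot publish an ARP entry for the wrong address at boot.

```shell
#!/bin/sh
# /etc/rc3.d/S97rc.local (added example): re-apply the NAT host route and,
# optionally, the published ARP entry at boot.
EXT_IP=200.200.201.12       # webserver_ext from the question in this thread
INT_IP=192.168.10.10        # webserver_int from the question in this thread
EXT_MAC=00:00:5e:00:53:01   # constructed placeholder: firewall external NIC MAC
PUBLISH_ARP=no              # yes only if the router does not already forward the subnet
DRY_RUN=${DRY_RUN:-no}      # hypothetical switch: yes prints commands instead of running

is_ipv4() {                 # four dot-separated decimal octets, each 0..255
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

is_mac() {                  # six colon-separated groups of one or two hex digits
    case "$1" in ""|*[!0-9A-Fa-f:]*|*::*|:*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for group in "$@"; do
        case "$group" in ???*) return 1 ;; esac
    done
}

run() {                     # execute the command, or just print it in dry-run mode
    if [ "$DRY_RUN" = yes ]; then echo "$*"; else "$@"; fi
}

apply_nat_plumbing() {
    if ! is_ipv4 "$EXT_IP" || ! is_ipv4 "$INT_IP"; then
        echo "S97rc.local: invalid IP address, nothing changed" >&2; return 1
    fi
    if [ "$PUBLISH_ARP" = yes ] && ! is_mac "$EXT_MAC"; then
        echo "S97rc.local: invalid MAC address, nothing changed" >&2; return 1
    fi
    run /usr/sbin/route add "$EXT_IP" "$INT_IP" 1          # step 4
    if [ "$PUBLISH_ARP" = yes ]; then
        run /usr/sbin/arp -s "$EXT_IP" "$EXT_MAC" pub      # step 5
    fi
}

case "${1:-}" in
    start) apply_nat_plumbing ;;   # rc scripts are invoked with "start" at boot
esac
```

Running it once as `DRY_RUN=yes sh S97rc.local start` prints the exact route and arp commands that would be applied, without changing anything.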

   All contents © 2004 Network Presence, LLC. All rights reserved.