Re: [FW-1] NAT and Security
This is how I got it to work with the firewall module running on Solaris:

1) Create object for webserver, using the internal address on the General tab. On the NAT tab, select Static and in the valid IP address enter your external IP address.
2) In security policy, add rule: source -> Any, destination -> object created in step #1, service http/https, action -> accept.
3) Save/install new policy.
4) On firewall, add route to host; ex: /usr/sbin/route add <external ip> <internal ip> 1
5) You may need to add an arp statement so the system will answer for the external IP address, example: arp -s <external ip> <mac address of external interface> pub
   ** We did not have to do this because all packets associated with our external interface's subnet are forwarded to him by the router.
6) Make sure you add the route and arp statements to a startup script so they get reapplied each time you reboot your server. All I did was create a S97rc.local script in /etc/rc3.d.

-----Original Message-----
From: Joe Bloggs [mailto:[email protected]]
Sent: Friday, April 12, 2002 7:05 AM
To: [email protected]
Subject: Re: [FW-1] NAT and Security

Use the destination as webserver_int. You'll also need to configure it as a static NAT. Also, if you're running it on NT, you'll need to create a local.arp file, enter the mac + ip of the external int of your fw, then add a static route to your server from ext addr to int addr. :-)

----- Original Message -----
From: Joao Coimbra <mailto:[email protected]>
To: [email protected] <mailto:[email protected]>
Sent: Friday, April 12, 2002 11:12 AM
Subject: [FW-1] NAT and Security

Dear All,

I have one question about address translation and security. If I have the following situation:

webserver_int - 192.168.10.10
webserver_ext - 200.200.201.12 (www.ez.com)

I have created the NAT for those addresses, and I will have to configure the security. At the security tab, which way must I configure it, A or B:

A) Source: any
   Destination: 200.200.201.12 (external)
   Service: http
   Action: Accept

or

B) Source: any
   Destination: 192.168.10.10 (internal)
   Service: http
   Action: Accept

Is it necessary to create a rule with the internal address, the external address, or both?

Thanks a lot!!! Best regards to all.

João Coimbra --> Technical Management - MCSE / ASE --> [email protected]
Phone: +55 11 3365-0305 - Fax: +55 11 3365-0319
EZTrade --> We turn your business into e-business --> www.eztrade.com.br
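
Steps 4 to 6 of the Solaris reply at the top of this thread, written out as a boot script that validates its inputs before running anything as root. This is an added example, not code posted by anyone in the thread: the addresses are the example values from the original question, the MAC address is a constructed placeholder, and the `DRY_RUN` and `NEED_ARP` variables and the function names are assumptions.

```shell
#!/bin/sh
# /etc/rc3.d/S97rc.local: re-apply the static-NAT host route and proxy ARP
# entry at boot. Addresses are the thread's example values; the MAC is a
# constructed placeholder, and DRY_RUN / NEED_ARP are assumed settings.
EXT_IP="${EXT_IP:-200.200.201.12}"        # valid (NAT) address
INT_IP="${INT_IP:-192.168.10.10}"         # web server's internal address
EXT_MAC="${EXT_MAC:-00:00:5e:00:53:01}"   # placeholder: firewall external NIC
NEED_ARP="${NEED_ARP:-yes}"               # "no" if the router forwards the subnet
DRY_RUN="${DRY_RUN:-no}"                  # "yes" prints commands, runs nothing

valid_ipv4() {   # four dotted decimal octets, each 0-255
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

valid_mac() {    # six colon-separated hex bytes; arp may omit leading zeros
    case "$1" in ""|*[!0-9A-Fa-f:]*|*::*|:*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for byte in "$@"; do
        [ ${#byte} -le 2 ] || return 1
    done
    return 0
}

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = yes ]; then echo "$*"; else "$@"; fi; }

apply_nat() {    # validate everything first: this runs as root at boot
    valid_ipv4 "$EXT_IP" && valid_ipv4 "$INT_IP" || { echo "bad IP" >&2; return 1; }
    if [ "$NEED_ARP" = yes ] && ! valid_mac "$EXT_MAC"; then
        echo "bad MAC" >&2; return 1
    fi
    run /usr/sbin/route add "$EXT_IP" "$INT_IP" 1 || return 1   # step 4
    [ "$NEED_ARP" = yes ] || return 0
    run arp -s "$EXT_IP" "$EXT_MAC" pub                         # step 5
}

case "${1:-}" in
    start) apply_nat || exit 1 ;;
esac
```

Running it once with `DRY_RUN=yes` and the `start` argument shows the exact commands before the script is trusted to run at boot.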