Ok for whats its worth at
this point, I've tested this on IPSO 3.4.2, NG FP1 and it doesn't work for me
either. It simply does not address translate. I'll do further tests tomorrow.
-----Original
Message-----
From: Mailing list for discussion
of Firewall-1 [mailto:[email protected]]On Behalf Of Raul Gonzalez
Sent: 22 April 2002 15:48
To:
[email protected]
Subject: [FW-1] NG NAT with one
valid IP doesn't work
we have a NG FW FP1
with 3 interfaces, and a DSL Router to investigate.
Configuration it's like that :
Web
server (192.168.2.100)
192.168.1.0 (Internal LAN) -----------------------
Firewall NG -------------------------------------------------------- INTERNET
(192.168.1.135)
(212.11.21.13 Valid adress)
I am trying make port mapping to
webserver for http and telnet services (http to web server and telnet to
internal server)
using NAT, and "Perform
destination traslation on the client side" is cheked.
However, I don't get NAT inside.
Any
Webserver
http
Accept Log
Any
Internalserver telnet
Accept Log
Any
Firewall
http
Original
Webserver Original
Gateways
Any
Firewall
telnet
Original
Internalserver Original
Gateways
I can get login but in Firewall
host, not in Internalserver (no Xlated paquets in Log, but I can see
61.62.63.123 (Origin)
Firewall (Destination) telnet (Service) 5
(rule number) Accept
61.62.63.123 (Origin)
Firewall (Destination) http
(Service) 6 (rule
number) Accept
(I don't see drop packets about
this, and "Log implied rules" is checked)
In Global Properties is checked
"Automatic rules intersection", "Perform destination translation
on the client side" and
"Automatic ARP
configuration".
I would like to hear some advise...
Thank's in advance