Ok for
whats its worth at this point, I've tested this on IPSO 3.4.2, NG FP1 and it
doesn't work for me either. It simply does not address translate. I'll do
further tests tomorrow.
-----Original
Message-----
From: Mailing list for discussion
of Firewall-1 [mailto:[email protected]]On Behalf Of Raul Gonzalez
Sent: 22 April 2002 15:48
To:
[email protected]
Subject: [FW-1] NG NAT with one
valid IP doesn't work
we have a NG FW FP1
with 3 interfaces, and a DSL Router to investigate.
Configuration it's like that :
Web
server (192.168.2.100)
192.168.1.0 (Internal
LAN) ----------------------- Firewall NG --------------------------------------------------------
INTERNET
(192.168.1.135)
(212.11.21.13 Valid adress)
I am trying make port mapping to webserver
for http and telnet services (http to web server and telnet to internal server)
using NAT, and "Perform
destination traslation on the client side" is cheked.
However, I don't get NAT inside.
Any
Webserver
http Accept
Log
Any
Internalserver telnet
Accept Log
Any
Firewall
http
Original
Webserver Original
Gateways
Any
Firewall
telnet
Original
Internalserver Original
Gateways
I can get login but in Firewall
host, not in Internalserver (no Xlated paquets in Log, but I can see
61.62.63.123 (Origin)
Firewall (Destination) telnet (Service) 5
(rule number) Accept
61.62.63.123 (Origin)
Firewall (Destination) http
(Service) 6 (rule
number) Accept
(I don't see drop packets about
this, and "Log implied rules" is checked)
In Global Properties is checked
"Automatic rules intersection", "Perform destination translation
on the client side" and
"Automatic ARP
configuration".
I would like to hear some advise...
Thank's in advance