Yes, it's the firewall outside IP address.

I tried checking and unchecking the 3 NAT options, and it didn't make any difference.

I don't get the FW to translate any Destination packets; it only translates Source packets. The log "Xlated Source Xlated Dest." shows only packets from Internal LAN:

NAT RULES
Internal_Lan  Internal_Lan  Any     Original   Original        Original  Gateways  (WORKS)
Internal_Lan  Any           Any     Valid_Add  Original        Original  Gateways  (WORKS)
Any           Firewall      http    Original   Webserver       Original  Gateways  (DOESN'T WORK)
Any           Firewall      telnet  Original   Internalserver  Original  Gateways  (DOESN'T WORK)

Raul Gonzalez

----- Original Message -----
Sent: Tuesday, April 23, 2002 2:05 AM
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

One other thing. Is the address you are trying to PAT the firewall outside IP address? If not, you still need to add an ARP and routes. NG will not do this for manually defined rules.

James

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Jim Parker
Sent: Monday, April 22, 2002 6:09 PM
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

Yes, tried that, didn't make any difference. Anyone else tried this?

I see that 'http-mapped' is still in NG, so this is one possible PAT solution; however, I don't see why this feature doesn't work. I'll test it on FP2 in the morning.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of James Oryszczyn
Sent: 22 April 2002 22:54
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

Remove the Automatic rules intersection and see if it works.

James

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Jim Parker
Sent: Monday, April 22, 2002 3:49 PM
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

OK, for what it's worth at this point, I've tested this on IPSO 3.4.2, NG FP1 and it doesn't work for me either. It simply does not address translate. I'll do further tests tomorrow.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Raul Gonzalez
Sent: 22 April 2002 15:48
To: [email protected]
Subject: [FW-1] NG NAT with one valid IP doesn't work

We have an NG FW FP1 with 3 interfaces, and a DSL router to investigate.

The configuration is like this:

Web server (192.168.2.100)
192.168.1.0 (Internal LAN) ----- Firewall NG ----- INTERNET
(192.168.1.135)    (212.11.21.13 Valid address)

I am trying to make port mapping to the webserver for http and telnet services (http to web server and telnet to internal server) using NAT, and "Perform destination translation on the client side" is checked.

However, I don't get NAT inside.

Any  Webserver       http    Accept  Log
Any  Internalserver  telnet  Accept  Log

Any  Firewall  http    Original  Webserver       Original  Gateways
Any  Firewall  telnet  Original  Internalserver  Original  Gateways

I can get a login, but on the Firewall host, not on Internalserver (no Xlated packets in the Log), but I can see:

61.62.63.123 (Origin)  Firewall (Destination)  telnet (Service)  5 (rule number)  Accept
61.62.63.123 (Origin)  Firewall (Destination)  http (Service)  6 (rule number)  Accept

(I don't see dropped packets about this, and "Log implied rules" is checked)

In Global Properties, "Automatic rules intersection", "Perform destination translation on the client side" and "Automatic ARP configuration" are checked.

I would like to hear some advice... Thanks in advance.