
Re: [FW-1] NG NAT with one valid IP doesn't work



Jim,
 
I do not have the possibility to test this, but did you check in the Global Properties, in the NAT section: "Perform destination translation on the client side"? If you don't do this, it will not work.
 
And, as a side point: I was trying to help you; your reply, intended or not, is a bit aggressive. I could have easily just not replied to your question...
 
Theo
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Jim Parker
Sent: Tuesday, April 23, 2002 11:55 AM
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

And again, this NAT rule scenario doesn't work on FP1 or FP2.
Any - Firewall - http - | Original - Webserver - Original 
 
This does work, I've tested this on 4.1 SP5, NG FP1 and FP SP2.
any - firewall - http-mapped - accept
any - web_server - http - accept
 
Now, has anyone else TESTED this?
----- Original Message -----
Sent: Tuesday, April 23, 2002 9:11 AM
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

And again :-) :
 
 
Tells it all....
 
Theo
 
 
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Raul Gonzalez
Sent: Monday, April 22, 2002 4:48 PM
To: [email protected]
Subject: [FW-1] NG NAT with one valid IP doesn't work

Hi,
We have an NG FW FP1 with 3 interfaces, and a DSL router to investigate.
The configuration is like this:
 
                                  Web server (192.168.2.100)
                                        |
                                        |
                                   DMZ LAN (192.168.2.0)
                                        |
                                        |
                                        | (192.168.2.135)
192.168.1.0 (Internal LAN) -------- Firewall NG -------- INTERNET
                     (192.168.1.135)          (212.11.21.13 valid address)
 
 
I am trying to make port mapping to the webserver for http and telnet services (http to web server and telnet to internal server)
using NAT, and "Perform destination translation on the client side" is checked.
However, I don't get NAT inside.
 
Rules :
 
Any   Webserver         http        Accept       Log
Any   Internalserver     telnet      Accept       Log
 
NAT RULES :
 
Any     Firewall          http         Original       Webserver         Original        Gateways
Any     Firewall          telnet       Original       Internalserver     Original        Gateways
 
I can get a login, but on the Firewall host, not on Internalserver (no Xlated packets in the log, but I can see
in the log:
61.62.63.123  (Origin)        Firewall (Destination)   telnet (Service)     5 (rule number)    Accept
61.62.63.123  (Origin)        Firewall (Destination)   http (Service)        6 (rule number)    Accept
(I don't see drop packets about this, and "Log implied rules" is checked)
 
WHY doesn't it translate???
In Global Properties, "Automatic rules intersection", "Perform destination translation on the client side" and
"Automatic ARP configuration" are checked.
I have seen the Phoneboy document (http://www.phoneboy.com/faq/0428.html), but it doesn't work.
What's wrong??
 
I would like to hear some advice...
Thanks in advance
 
Raul Gonzalez
 
 
 
 


 