From: James Oryszczyn <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
Date: Mon, 22 Apr 2002 19:05:19 -0500
One other thing. Is the address you are trying to PAT the firewall's
outside IP address? If not, you still need to add an ARP and routes. NG
will not do this for manually defined rules.
James
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Jim
Parker
Sent: Monday, April 22, 2002 6:09 PM
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
Yes, tried that; didn't make any difference. Anyone else tried this?
I see that 'http-mapped' is still in NG, so this is one possible PAT
solution; however, I don't see why this feature doesn't work. I'll test it
on FP2 in the morning.
JP
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of James
Oryszczyn
Sent: 22 April 2002 22:54
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
Remove the Automatic rules intersection and see if it works.
James
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Jim
Parker
Sent: Monday, April 22, 2002 3:49 PM
To: [email protected]
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
OK, for what it's worth at this point, I've tested this on IPSO 3.4.2, NG
FP1 and it doesn't work for me either. It simply does not address
translate. I'll do further tests tomorrow.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Raul
Gonzalez
Sent: 22 April 2002 15:48
To: [email protected]
Subject: [FW-1] NG NAT with one valid IP doesn't work
Hi,
We have an NG FW FP1 with 3 interfaces, and a DSL router to investigate.
The configuration is like this:
                         Web server (192.168.2.100)
                                   |
                                   |
                          DMZ LAN (192.168.2.0)
                                   |
                                   |
                                   | (192.168.2.135)
192.168.1.0 (Internal LAN) ---- Firewall NG ---- INTERNET
                  (192.168.1.135)     (212.11.21.13 valid address)
I am trying to set up port mapping for the http and telnet services
(http to the web server and telnet to the internal server)
using NAT, and "Perform destination translation on the client side" is
checked.
However, I don't get NAT inside.
Rules:
Any    Webserver        http      Accept    Log
Any    Internalserver   telnet    Accept    Log
NAT rules:
Any    Firewall    http      Original    Webserver        Original    Gateways
Any    Firewall    telnet    Original    Internalserver   Original    Gateways
I can get a login, but on the Firewall host, not on Internalserver (no Xlated
packets in the log), but I can see
in the log:
61.62.63.123 (Origin)   Firewall (Destination)   telnet (Service)   5 (rule number)   Accept
61.62.63.123 (Origin)   Firewall (Destination)   http (Service)     6 (rule number)   Accept
(I don't see dropped packets for this, and "Log implied rules" is
checked.)
WHY doesn't it translate???
In Global Properties, "Automatic rules intersection", "Perform
destination translation on the client side" and
"Automatic ARP configuration" are checked.
I have seen the Phoneboy document
(http://www.phoneboy.com/faq/0428.html), but it doesn't work.
What's wrong??
I would like to hear some advice...
Thanks in advance
Raul Gonzalez