Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NAT on FW NG FP2

To: [email protected]
Subject: [FW-1] NAT on FW NG FP2
From: "Gierke, Katrin" <[email protected]>
Date: Wed, 5 Jun 2002 15:49:57 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hallo *,

I have a FW NG FP2 (W2k) and need to translate a couple of internal
(invalid) IP addresses for special connections. I configured the relevant
objects with static NAT and let the global NAT properties as default (all
automatic). If a internal mashine tries to connect the external machine the
log says:

service : ssh
source : internal machine
destination : external machine
action : accept
info : (none)

service : (none)
source : valid IP for internal machine
destination : router (gateway for FW on LAN site)
action : drop
info : icmp-type 3 icmp-code 0 message_info address spoofing

service : (none)
source : FW
destination : invalid IP for internal machine
action : drop
info : icmp-type 5 icmp-code 1 message_info packet out of state

The connection can not be established. In the FW properties anti-spoofing is
enabled, for the internal interface I used a group with both networks in it
(LAN & translated network). The FireWall-1 Guide say's if the global
parameters set to 'all automatic' no more configurations are necessary. What
do I wrong?

Thanks for help!
Katrin


Mit freundlichen Grüßen
K. Gierke
_________________________________________________________________________
MVD GmbH Potsdam                  | Netzwerkadministratorin
Abt. EDV                    | Telefon: +49 331 2840-944
Friedrich-Engels-Str. 24    | FAX: +49 331 2840-905
14473 Potsdam               | eMail: [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] How to connecto to 2 ISP's?
Next by Date: Re: [FW-1] Can anyone explain these FW-1 entries?
Previous by thread: Re: [FW-1] Can anyone explain these FW-1 entries?
Next by thread: [FW-1] adding custom attributes to schema.ldif
Index(es):
- Date
- Thread