Re: [FW-1] Question on ip forwarding



... and don't forget to add rules to allow http and/or https traffic to your
web server...  Just adding rules for NAT will translate your IP's but do
nothing to allow the traffic.

The overview is:
- add web server objects
- add NAT rules (may be automatic) and proxy ARP
- add route
- add rules to allow http traffic


MM
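
Added example, not part of the original thread: a small Python pre-flight check that models the four items in the overview above (NAT rules, proxy ARP, host route, allow rule) and reports which are still missing for a published server. The configuration dictionary, its field names and the addresses are constructed for illustration and do not correspond to any FireWall-1 file format.

```python
from ipaddress import ip_address

def check_publication(cfg, external_ip, internal_ip, wanted=("http", "https")):
    """Return findings for publishing internal_ip as external_ip; [] means complete."""
    ext, inside = ip_address(external_ip), ip_address(internal_ip)
    findings = []
    # NAT: one rule rewrites the destination inbound, one the source outbound.
    nat = {(r["field"], ip_address(r["original"]), ip_address(r["translated"]))
           for r in cfg["nat"]}
    if ("destination", ext, inside) not in nat:
        findings.append("nat: no destination translation external -> internal")
    if ("source", inside, ext) not in nat:
        findings.append("nat: no source translation internal -> external")
    # Proxy ARP: the firewall must answer ARP for an address not on the box.
    if not any(ip_address(ip) == ext for ip, _mac in cfg["proxy_arp"]):
        findings.append("arp: no proxy ARP entry for the external address")
    # Host route: external address, mask 255.255.255.255, towards the server.
    if not any(ip_address(r["dest"]) == ext and r["mask"] == "255.255.255.255"
               for r in cfg["routes"]):
        findings.append("route: no host route for the external address")
    # Policy: translation permits nothing; an accept rule must name the server.
    services = {s for r in cfg["policy"]
                if r["action"] == "accept" and ip_address(r["dst"]) in (ext, inside)
                for s in r["services"]}
    if not services & (set(wanted) | {"any"}):
        findings.append("policy: no accept rule for http/https to the server")
    if "any" in services:
        findings.append("policy: accept rule is not limited to web services")
    return findings

# Constructed sample data (documentation addresses, hypothetical field names).
EXT, INT = "203.0.113.10", "10.0.0.10"
NAT_ONLY = {
    "nat": [{"field": "destination", "original": EXT, "translated": INT},
            {"field": "source", "original": INT, "translated": EXT}],
    "proxy_arp": [], "routes": [], "policy": [],
}
COMPLETE = dict(
    NAT_ONLY,
    proxy_arp=[(EXT, "00:00:5e:00:53:01")],
    routes=[{"dest": EXT, "mask": "255.255.255.255", "gateway": INT}],
    policy=[{"action": "accept", "dst": EXT, "services": ["http", "https"]}],
)

if __name__ == "__main__":
    for name, cfg in (("NAT rules only", NAT_ONLY), ("all four steps", COMPLETE)):
        print(name, "->", check_publication(cfg, EXT, INT) or "complete")
```

The `NAT_ONLY` sample mirrors the situation in the original question, where translation rules exist but the server is still unreachable.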


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Roelandts, Guy
Sent: Wednesday, June 19, 2002 4:43 AM
To: [email protected]
Subject: Re: [FW-1] Question on ip forwarding


Conrad,

   This is correct, but for 4.1 you also needed to add a route on the Firewall,
   giving the NT example:

        route add -p <external-IP-address> mask 255.255.255.255 <internal-ip-address>

        where <external-ip-address> is the published external IP address
        where <internal-ip-address> is either the internal IP address of the server
                or the IP address of the router sitting between the Firewall and
                the internal server

   If you are using NG, the story is completely different, as you have client
   side NAT available now.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Compaq BeLux - now part of the New HP
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65


-----Original Message-----
From: Conrad Ng [mailto:[email protected]]
Sent: 19 June 2002 09:14
To: [email protected]
Subject: Re: [FW-1] Question on ip forwarding


Thanks for your reply, BillO.

Actually I have done all those 9 steps. However, I still don't know why I can't
access my web server through an external IP. Even when I try typing the external
IP in the browser on the Firewall Server itself, I am also not able to access
it. One thing that I want to ask regarding step 9: is it simply a matter of
creating a file called "local.arp" and adding the external address with the
corresponding MAC address? If not, please correct me. Thanks a lot!

Conrad

-----Original Message-----
From: BillO [mailto:[email protected]]
Sent: 19 June 2002 11:33
To: [email protected]
Subject: Re: [FW-1] Question on ip forwarding


In general -- under version 4.1 -- you could either create automatic rules
or manually create your NAT rules.  I am not familiar with NG, but I believe
the basics are the same as below with a few automatic options.

automatic NAT
=============
1. create a workstation object.
2. use the actual ip under the first tab.
3. click on NAT tab
4. put checkmark in "create automatic translation"
5. select STATIC
6. put external IP address (the one not actually on the box).
7. add a PROXY ARP MAC address using the external MAC for the external ip address.

manual NAT
==========
1. create a workstation object with the external ip address.
2. create a workstation object with the internal ip address
3. click on "network address translation tab"
4. add two rules (if there are other rules already there, make sure there is no logic conflict).
5. for rule one, put external ip workstation object in original destination.
6. for rule one, put internal ip workstation object in translated destination.
7. for rule two, put internal ip workstation object in original source.
8. for rule two, put external ip workstation object in translated source.
9. add a PROXY ARP MAC address using the external MAC for the external ip address.

If you did not do the above, what steps did you do to NAT the external IP?

Bill
----- Original Message -----
From: "Conrad Ng" <[email protected]>
To: <[email protected]>
Sent: Tuesday, June 18, 2002 8:59 PM
Subject: [FW-1] Question on ip forwarding


> Dear all
>
> I have an external IP that I need to forward to an internal IP under
> Checkpoint Firewall-1. Actually I have already added the rules in the Naming
> Translation tab. However, I don't know why I still can't access the
> destination using the external IP. Is there any order that I need to follow?
> Did I miss anything apart from adding the rules to the firewall? I
> really hope someone can help me as I am really a newbie to this application.
> Thanks a lot!!!
>
> Conrad Ng
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
   All contents © 2004 Network Presence, LLC. All rights reserved.