Re: [FW-1] Destination Static NATting



Thanks, Neil. But the problem is that I only have 1 NIC. Both logical
internal and external IPs are located on the same NIC. Does this pose a
problem? Thanks in advance.

-----Original Message-----
From: Ronneil Camara [mailto:[email protected]]
Sent: Wednesday, August 21, 2002 12:59 PM
To: [email protected]
Subject: Re: [FW-1] Destination Static NATting


Hey, looks like you forgot to execute the route command. You should add a
route on external address pointing to the internal target address of the
server.

Something like this:

route add 172.16.30.20 mask 255.255.255.255 10.0.0.4

Try this :)

Maenard Martinez (TS-PH) writes:

> Hi!
>
> I have a lab wherein I am simulating the setup below:
>
> Objective: Let external IPs (172.16.0.0/16) connect to the Internet services
> on the 10.0.0.0/8 network
>
> FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1
> [172.16.3.20/172.16.30.20] -------------- External
>
> The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two
> valid (logically) IP addresses are bound that will act as external IP
> addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple
> NICs).
>
> I did the following already on the Policy:
>
> SOURCE        DESTINATION        SERVICE                ACTION
> Any           172.16.30.20       FTP/HTTP/SMTP  Accept
>
>
> For the NAT, I have these:
>
>         [ORIGINAL PACKET]                    [TRANSLATED PACKET]
> SOURCE  DESTINATION   SERVICE    SOURCE  DESTINATION  SERVICE
> Any     172.16.30.20  Any        Orig    10.0.0.4     Orig
>
> I also retrieved the MAC address of the NIC of the FW-1 and added it on the
> local.arp and installed the policy. On the article from PhoneBoy, it
> mentioned the IP spoofing configuration. I am not familiar with the said
> configuration.
>
> After following the steps (except for the IP spoofing), it still doesn't
> work. According to the log, the traffic from the external is being accepted
> by 172.16.30.20, but that's it; there's no indication that the traffic is
> being forwarded or translated to 10.0.0.4; but the FTP traffic is being
> accepted by 172.16.30.20. I also have this route on my routing table
> (NT4.0):
>
> Network Destination        Netmask          Gateway       Interface  Metric
>        172.16.30.20  255.255.255.255        127.0.0.1       127.0.0.1       1
>        172.16.30.20  255.255.255.255         10.0.0.4        10.0.0.4       1
> Default Gateway:          10.0.0.1
>
> Am I missing something?
>
> Any feedback is highly appreciated.
>
> Thanks,
> Leo
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
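
The routing-table rows quoted above and the host route suggested in the reply can be checked mechanically. The following is an added example, not part of the original thread: it parses NT `route print`-style rows (the sample is constructed from the rows quoted in the message) and reports whether a host route for the NAT address points at the internal server, flagging equal-metric duplicates for review. The names `parse_routes` and `check_static_nat_route` are hypothetical.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "dest mask gateway iface metric")

# Constructed sample: rows modelled on the routing table quoted in the thread.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
       172.16.30.20  255.255.255.255        127.0.0.1       127.0.0.1       1
       172.16.30.20  255.255.255.255         10.0.0.4        10.0.0.4       1
"""

def parse_routes(text):
    """Parse 'route print'-style rows; skip headers and malformed lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
            routes.append(Route(dest, mask, gw, iface, int(fields[4])))
        except ValueError:
            continue  # not an address/metric row
    return routes

def check_static_nat_route(text, nat_ip, server_ip):
    """Return (gateways holding a host route for nat_ip, list of findings)."""
    nat = ipaddress.IPv4Address(nat_ip)
    server = ipaddress.IPv4Address(server_ip)
    host_mask = ipaddress.IPv4Address("255.255.255.255")
    hosts = [r for r in parse_routes(text) if r.dest == nat and r.mask == host_mask]
    gateways = [str(r.gateway) for r in hosts]
    findings = []
    if str(server) not in gateways:
        findings.append("missing host route %s -> %s" % (nat, server))
    # Several host routes at the lowest metric: which one wins is ambiguous.
    best = min((r.metric for r in hosts), default=None)
    tied = [str(r.gateway) for r in hosts if r.metric == best]
    if len(tied) > 1:
        findings.append("equal-metric host routes via " + ", ".join(tied))
    return gateways, findings

if __name__ == "__main__":
    print(check_static_nat_route(SAMPLE, "172.16.30.20", "10.0.0.4"))
```
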

   All contents © 2004 Network Presence, LLC. All rights reserved.