[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Destination Static NATting
Thanks, Neil. But the problem is that I only have 1 NIC. Both logical internal and external IPs are located on the same NIC. Does this pose a problem? Thanks in advance. -----Original Message----- From: Ronneil Camara [mailto:[email protected]] Sent: Wednesday, August 21, 2002 12:59 PM To: [email protected] Subject: Re: [FW-1] Destination Static NATting Hey, looks like you forgot to execute the route command. You should add a route on external address pointing to the internal target address of the server. Parang ganito: route add 172.16.30.20 mask 255.255.255.255 10.0.0.4 Try this :) Maenard Martinez (TS-PH) writes: > Hi! > > I have a lab wherein I am simulating the setup below: > > Objective: Let external IPs (172.16.0.0/16) connect to the Internet services > on the 10.0.0.0/8 network > > FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 > [172.16.3.20/172.16.30.20] -------------- External > > The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two > valid (logically) IP addresses are bound that will act as external IP > addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple > NICs. > > I did the following already on the Policy: > > SOURCE DESTINATION SERVICE ACTION > Any 172.16.30.20 FTP/HTTP/SMTP Accept > > > For the NAT, I have these: > > [ORIGINAL PACKET] [TRANSLATED PACKET] > SOURCE DESTINATION SERVICE SOURCE DESTINATION > SERVICE > Any 172.16.30.20 Any Orig 10.0.0.4 > Orig > > I also retrieved the MAC address of the NIC of the FW-1 and added it on the > local.arp and installed the policy. On the article from PhoneBoy, it > mentioned the IP spoofing configuration. I am not familiar with the said > configuration? > > After following the steps (except for the IP spoofing), it still doesn't > work. According to the log, the traffic from the external is being accepted > by 172.16.30.20, but that's it; there's no indication that the traffic is > being forwarded or translated to 10.0.0.4; but the FTP traffic is being > accepted by 172.16.30.20. I also have this route on my routing table > (NT4.0): > > Network Destination Netmask Gateway Interface Metric > 172.16.30.20 255.255.255.255 127.0.0.1 127.0.0.1 > 1 > 172.16.30.20 255.255.255.255 10.0.0.4 10.0.0.4 > 1 > Default Gateway: 10.0.0.1 > > Am I missing something? > > Any feedback is highly appreciated. > > Thanks, > Leo > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|