Thanks, Neil. But the problem is that I only have 1 NIC. Both logical
internal and external IPs are located on the same NIC. Does this pose a
problem? Thanks in advance.
-----Original Message-----
From: Ronneil Camara [mailto:[email protected]]
Sent: Wednesday, August 21, 2002 12:59 PM
To: [email protected]
Subject: Re: [FW-1] Destination Static NATting
Hey, looks like you forgot to execute the route command. You should add a
route on the external address pointing to the internal target address of the
server.
Something like this:
route add 172.16.30.20 mask 255.255.255.255 10.0.0.4
Try this :)
Maenard Martinez (TS-PH) writes:
Hi!
I have a lab wherein I am simulating the setup below:
Objective: Let external IPs (172.16.0.0/16) connect to the Internet services
on the 10.0.0.0/8 network

FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External

The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two
valid (logically) IP addresses are bound that will act as external IP
addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple
NICs).
I did the following already on the Policy:
SOURCE   DESTINATION    SERVICE         ACTION
Any      172.16.30.20   FTP/HTTP/SMTP   Accept
For the NAT, I have these:
[ORIGINAL PACKET]                       [TRANSLATED PACKET]
SOURCE   DESTINATION    SERVICE         SOURCE   DESTINATION   SERVICE
Any      172.16.30.20   Any             Orig     10.0.0.4      Orig
I also retrieved the MAC address of the NIC of the FW-1, added it to
local.arp and installed the policy. The article from PhoneBoy mentioned the
IP spoofing configuration. I am not familiar with the said configuration.
After following the steps (except for the IP spoofing), it still doesn't
work. According to the log, the traffic from the external is being accepted
by 172.16.30.20, but that's it; there's no indication that the traffic is
being forwarded or translated to 10.0.0.4; but the FTP traffic is being
accepted by 172.16.30.20. I also have this route on my routing table (NT4.0):
Network Destination   Netmask           Gateway     Interface   Metric
172.16.30.20          255.255.255.255   127.0.0.1   127.0.0.1   1
172.16.30.20          255.255.255.255   10.0.0.4    10.0.0.4    1
Default Gateway: 10.0.0.1
Am I missing something?
Any feedback is highly appreciated.
Thanks,
Leo
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================