
Re: [FW-1] Destination Static NATting


  • To: [email protected]
  • Subject: Re: [FW-1] Destination Static NATting
  • From: "Martin, Kevin" <[email protected]>
  • Date: Thu, 22 Aug 2002 15:42:17 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJH8OdJHxRIMh/CT6GBYIOglMt85QCKyOVg
  • Thread-topic: Re: [FW-1] Destination Static NATting

For those of you who don't know Filipino, this has been translated for
me by a friend to mean (roughly) "I guess you're sending here too".

Thanks and Regards,

Kevin Martin <[email protected]>
TD Options, LLC   Security Officer
230 S. LaSalle, 6th Floor  Chicago, IL  60604
T: F:

-----Original Message-----
From: Leonard Panares (TS-PH)
[mailto:[email protected]]
Sent: Monday, August 19, 2002 6:26 PM
To: [email protected]
Subject: Re: [FW-1] Destination Static NATting


hahahahahaah...nagpapadala ka rin pala dito :-D

-----Original Message-----
From: Maenard Martinez (TS-PH)
Sent: Monday, August 19, 2002 10:39 PM
To: [email protected]
Subject: [FW-1] Destination Static NATting


Hi!

I have a lab wherein I am simulating the setup below:

Objective: Let external IPs (172.16.0.0/16) connect to the Internet
services on the 10.0.0.0/8 network

FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1
[172.16.3.20/172.16.30.20] -------------- External

The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1.
Two valid (logically) IP addresses are bound that will act as external
IP addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate
multiple NICs).

I did the following already on the Policy:

SOURCE        DESTINATION        SERVICE                ACTION
Any           172.16.30.20       FTP/HTTP/SMTP  Accept


For the NAT, I have these:

        [ORIGINAL PACKET]                    [TRANSLATED PACKET]
SOURCE   DESTINATION     SERVICE      SOURCE   DESTINATION   SERVICE
Any      172.16.30.20    Any          Orig     10.0.0.4      Orig

I also retrieved the MAC address of the NIC of the FW-1 and added it on
the local.arp and installed the policy. On the article from PhoneBoy, it
mentioned the IP spoofing configuration. I am not familiar with the said
configuration?

After following the steps (except for the IP spoofing), it still doesn't
work. According to the log, the traffic from the external is being
accepted by 172.16.30.20, but that's it; there's no indication that the
traffic is being forwarded or translated to 10.0.0.4; but the FTP
traffic is being accepted by 172.16.30.20. I also have this route on my
routing table
(NT4.0):

Network Destination        Netmask          Gateway       Interface  Metric
       172.16.30.20  255.255.255.255        127.0.0.1     127.0.0.1       1
       172.16.30.20  255.255.255.255        10.0.0.4      10.0.0.4        1
Default Gateway:          10.0.0.1

Am I missing something?

Any feedback is highly appreciated.

Thanks,
Leo

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

   All contents © 2004 Network Presence, LLC. All rights reserved.