[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Problem with arp -s in NG firewall on Windows 2000 server

To: [email protected]
Subject: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server
From: William Wang <[email protected]>
Date: Thu, 26 Sep 2002 11:31:14 -0400
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi all,

I want to set a NG (feature pack 2) testing firewall on Windows 2000 server.

I want to set up a Web server at my DMZ network side. It's IP address is
192.168.3.211. This IP is an invalid one. I want to give it a valid IP
address.

What I did is like this:

1.      From Policy Editor, Create a network object called Websrv,

IP Address: 192.168.3.211
Net Mask: 255.255.255.0

NAT:  "Add Automatic: Address Translation rules"
        Translation rules: static
Network IP address: 209.10.25.23 (a valid IP address from external interface
side).
Install on gateway: All

2.      From firewall box(I put firewall module and management server onto
the same box),  I run these commands:

C:\> arp -s 209.10.25.23         00-AB-6D-C3-D7-2B
C:\> route add 209.10.25.23     192.168.3.211 metric 1

While 00-AB-6D-C3-D7-2B is the MAC Address of  the external interface of  my
firewall Wall.

3.      I set up a rule:
Any     Websrv  any     accept

Now I suppose can ping the Web server from a box at the external side
(209.10.25.28), but I CAN NOT do it !!!



The follow is a simple diagram:


------------------------------------------------- External (209.10.25.0, I
put a testing box, 209.10.25.28 here)
                        |
                        |

                     Firewall box ------------- Internal (10.2.0.0)
                        |
                        |
--------------------------------------------------- DMZ (192.168.3.0, where
I put my Web server)

Any idea about this?

Thank you for your help in advance.


William

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server
  - From: Bill <[email protected]>

Prev by Date: Re: [FW-1] License about High Availability
Next by Date: Re: [FW-1] RealSecure OPSEC (SAMP) compliant with Checkpoint?
Prev by thread: Re: [FW-1] RealSecure OPSEC (SAMP) compliant with Checkpoint?
Next by thread: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server
Index(es):
- Date
- Thread