| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] static NAT does not work on FP3
- To: [email protected]
- Subject: Re: [FW-1] static NAT does not work on FP3
- From: Security <[email protected]>
- Date: Thu, 6 Feb 2003 16:39:59 +0100
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcLNzfDfDZs5lZJDRjOWBjz1HgfcJQAJ+AKw
- Thread-topic: [FW-1] static NAT does not work on FP3
Hi Thomas,
I looked, looked again, and looked looked again again, and you didn't
write that :o) (taken that first mail was sent yesterday 15:51, right?)
Just to get on the same line here, how do you make up your nat-rulebase?
Two options:
1. You are manually defining the nat rules.
2. You edit the object you want to be nat'ed, and put your settings in
the "nat tab".
The "automatic arp configuration" will only work if you choose option 2.
As far as I understood it, and experienced in testing with it, if you
configure it this way the firewall engine will manage the local.arp and
the appropriate routing for you.
Having said that, I only tested this with Windows 2000, not with NT4 so
it might have something to do with that.
Also: NG-FP3 HF1 resolves an issue with static arp. (see the release
notes)
Although I think it only solves the static arp problem there was on
Windows 2000 machines, it might address a problem like you are seeing as
well...
Bye,
Jeroen.
-----Oorspronkelijk bericht-----
Van: Thomas Borger [mailto:[email protected]]
Verzonden: donderdag 6 februari 2003 11:37
Aan: [email protected]
Onderwerp: Re: [FW-1] static NAT does not work on FP3
Hi Jeroen,
First off all thank you for your answer. But look at my first mail. I
wrote that I`ve had this options in my objects! Even so it does not
work.
> If you check the "automatic arp configuration" the Firewall will only
> do the arp if you use the nat option in your objects. If you don't
> have that, it will not bother to look at your local.arp even if you
> have entries in it. So, what I found is that you have two options:
> -Go with automatic arp, and use the nat settings in the objects you
want
> to nat.
> (making double nat lines for inbound/outbound, routing handled by the
fw
> daemon)
> -Go with the traditional method.
> (manual local.arp, manual update routing table)
> Personally, I still fancy the old way, but it looks like cp is pushing
> towards the automatic settings....sad but true...
And exatly for this reason I`m attempting to use the new way. But I`m
not one step farther. :-(
Thomas
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
