Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT Configuration

To: [email protected]
Subject: Re: [FW-1] NAT Configuration
From: Crist Clark <[email protected]>
Date: Fri, 26 Sep 2003 09:29:16 -0700
Comments: To: "Durick,James D." <[email protected]>
Organization: Globalstar Communications
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

"Durick,James D." wrote:
>
> My setup is this:
>
> checkpoint fw NG (FP3) --> cisco2514 router -->host
>
> external int of fw = 1.2.3.4
> internal int of fw = 192.168.0.1
> external int of router  = 192.168.0.254
> internal int of router = 172.16.0.1
> host = 172.16.0.2
>
> I understand how to do a static address translation where you would be going
> from:
>
> CP-FW1 ---> host (without the router in the middle)where the host is a
> private address and you were trying to translate an external ip to an
> internal private address.
>
> But say we wanted to have an external ip (say 1.2.3.5)address translate all
> the way through the router to the host (172.16.0.2).

[snip]

>  but I am confused how I would set up NAT within Checkpoint(both rules and
> NATing)....anyhelp would be appreciated.

FW-1 doesn't know and doesn't care about the routing. You just need to,

  1) Add the network containing 172.16.0.1 and 172.16.0.2 (not sure
     what bit boundary you might be using there) to the internal
     firewall interface on in the firewall module object's "Topology."

  2) Put a NAT rule in that does specifies that network is behind the
     1.2.3.4 address. For example, you probably already have,

                Original                      Translated
        Source         Destination     Source        Destination
     192.168.0.0/24        Any        1.2.3.4 H       Original

     Just add the new network to that rule,

                Original                      Translated
        Source         Destination     Source        Destination
     192.168.0.0/24        Any        1.2.3.4 H       Original
     172.16.0.0/24

--
Crist J. Clark                               [email protected]
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- [FW-1] Stone beat 3.0 FP3 upgrade
  - From: Vijay <[email protected]>

References:
- [FW-1] NAT Configuration
  - From: "Durick,James D." <[email protected]>

Prev by Date: [FW-1] webmail block
Next by Date: Re: [FW-1] Checkpoint NG FP2 & NetScreen 5XT
Previous by thread: [FW-1] NAT Configuration
Next by thread: [FW-1] Stone beat 3.0 FP3 upgrade
Index(es):
- Date
- Thread