[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] pcAnywhere from a 'hide' NAT'ed network
Some services can't be used with port address translation. You can setup an ip on the outside of the firewall, put an entry in the local.arp file, define a static route to route traffic to the proper interface where the server can be reached and define a static nat rule which preserves the "service" number. The NAT rule/s will actually require one for egress traffic to hide the source address and an ingress rule to fixup the destination address to the real address of the server. Probably have to do this on both sides, and define some rules in your rulebase to only allow PCAW traffic to flow between specific endpoints. Works for me. This stuff is covered pretty well at phoneboy.com or in the PDF doc from checkpoint. ----- Original Message ----- From: "John Hahn" <[email protected]> To: <[email protected]> Cc: <[email protected]> Sent: Tuesday, September 19, 2000 9:32 AM Subject: [FW1] pcAnywhere from a 'hide' NAT'ed network > > Hi All, > > I'm not sure if this if a pcAnywhere question or just a 'hide' NAT question. > > I have an external network (A.B.C.D/24 {a division of my parent company, > connected via Frame Relay to my site})that I 'hide' behind a NAT entry of > (W.X.Y.Z/32). Folks in the A.B.C.D network are trying to use pc/Anywhere to > access a few servers that they built and maintain, and live within my > building. > > The NAT rule converts the 'source' port from pcAnywhere's 5631 to port 10000 > (or above). The pcAnywhere running on the servers in my building don't seem > to know how to respond to incoming packets with a source port of 10000+. > > I've also seen this with other services going through a 'hide' NAT. FW v4.0 > SP4, running on a Nokia platform w/ IPSO 3.2 > > Any ideas would be appreciated. > > John E. Hahn > [email protected] > > > ______________________________________________ > FREE Personalized Email at Mail.com > Sign up at http://www.mail.com/?sr=signup > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|