[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Hiding multiple servers behind 1 IP address
Hide mode only allows access out. You cannot initiate a connection outside the firewall to an internal host when using Hide NAT. The user is looking for the firewall to forward packets to a defined server when destined for the same address, and deciding that address by looking at the destination port number. Not a good solution. Thomas Poole -----Original Message----- From: Jason Witty [mailto:[email protected]] Sent: Thursday, October 05, 2000 1:28 PM To: [email protected] Cc: [email protected] Subject: Re: [FW1] Hiding multiple servers behind 1 IP address It's called hide-mode NAT in FW-1. An example NAT rule would look like this (obviously you need an access rule as well): ORIGINAL PACKET NATted PACKET SOURCE DEST SOURCE DEST internal-net ANY hide-addr ORIG Hope this helps. Jason Todd Ginther wrote: > > Hello All, > > I haven't seen a FW-1 solution to something that I currently do with another firewall product - that is to be able to advertise a single IP out to the world (firewall external interface) and have the firewall direct inbound Internet traffic to different internal servers based soley on which port the firewall gets hit on. > > Example: > > -Advertised IP address is abc.123.123.1 > > -Traffic hits abc.123.123.1:18000 gets redirected > to an internal server, machine alpha. > > -Traffic hits abc.123.123.1:19500 gets redirected > to a different internal server, machine beta. > > Any ideas? I would prefer not to have to use up a bunch of IP's to do one-to-one NAT. > > Thanks in advance, all! > > Regards, > > -Todd > > _____________________________________________________________ > Want a new web-based email account ? ---> http://www.firstlinux.net > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|