[FW1] problems setting up a NAT
Hello all,

I am trying to set up a NAT for an internal mail server. My existing policy covers outbound connections from the mail server out to the internet, but I cannot reach it from the internet back inside.

I followed the documentation on setting up a static NAT, creating an object for the internal mail server and also for the external interface. The real IP is different from the external IP of the firewall, so I was sure to put in the recommended arp statement so the router upstream will know how to get to it. So, now I can route to it, but I can't get anything through the firewall inside to the mail server.

Here's what my policy basically looks like:

1  Source: <mailserver-internal, with static NAT to external>
   Destination: Any
   Services: Any
   Action: accept
   Install on: Gateways

2  Source: <entire internal network>
   Destination: Any
   Services: Any
   Action: accept
   Install on: Gateways

3  Source: Any
   Destination: <mailserver-external, with static NAT to internal>
   Services: Any
   Action: accept
   Install on: Gateways

4  Source: Any
   Destination: Any
   Services: Any
   Action: drop
   Install on: Gateways

Is this correct? Of course I'll tighten down the services later, but I want to make sure it works first.

On top of this I have added a route as such:

   route add <external IP of mailserver> <internal IP> 1

and updated the arp table with <external IP of mail server> with <external MAC address of fw>. The external IP of the mail server is different from the external IP of the firewall.

This ought to be simple, right? Also, I don't have split-DNS on the firewall yet, but that shouldn't affect this basic routing/NAT config?

Well, this is driving me nuts, I hope you guys can help.

Thanks!