NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] NAT Problem in CP-Firewall



Do you have IP spoofing protection? Did you put your NATed hosts into
allowed IPs on inside NIC?

Regards,
	Iztok

> -----Original Message-----
> From: Jey Baskar [mailto:[email protected]]
> Sent: Monday, January 15, 2001 10:28 AM
> To: [email protected]; [email protected];
> [email protected]
> Subject: RE: [FW1] NAT Problem in CP-Firewall
> 
> 
> 
> 
>   I did follow the suggestion of adding the arp entry and the 
> route but I am still struck up the same problem.
> 
> After adding the following entries
> 1. arp -s 205.148.243.3  <mac address of the external firewall>
> 2. route add 205.148.243.3  10.1.3.5 
> 
> it doesn't seems working. I also added the next hop inside 
> the firewall too !!
> 
> Thanks for your time and suggestion
> Jey!
> 
> 
> >>> Mustetab Ali Khan <[email protected]> 01/14/01 10:08AM >>>
> 
>  Dear BASKAR,
> 
> You also need to add an arp entry for the natted address ...
> 
> arp - 205.148.243.3 <mac address of the firewall external card>
> 
> in addition u need to add a route as follows 
> route add 205.148.243.3 <10.x.x.x> ip of the firewall internal card
> 
> -Mustetab
> Network Security Engineer
> HCL Comnet Systems & Services
> 
> -----Original Message-----
> From: ITN (Bipin Mehta)
> To: 'Jey Baskar'; [email protected] 
> Sent: 01/14/2001 6:25 PM
> Subject: RE: [FW1] NAT Problem in CP-Firewall
> 
> You need to add a static route on your firewall for the translated
> address (205.148.243.3)to the next hop inside the firewall or to the
> internal ethernet port because before translation the firewall does
> internal routing.
> 
> 
> 
> 
> -----Original Message----- 
> From: Jey Baskar [ mailto:[email protected] 
> <mailto:[email protected]>
> ] 
> Sent: Saturday, January 13, 2001 1:02 AM 
> To: [email protected] 
> Subject: [FW1] NAT Problem in CP-Firewall 
> 
> 
> 
> Hello, 
> 
> We have installed Checkpoint Firewall-1 in our environment. I 
> am facing
> a problem of unable to PING to the NATted address.
> 
> 
> 10.1.3.15       205.148.243.2      205.148.243.1 
> HOSTA  -------  FIREWALL  -------- ROUTER ---------- INTERNET 
>   
> 
> I have a hostA 10.1.3.15 which is on the internal network. It can ping
> to the Firewall [205.148.243.2] and to the router [205.148.243.1] 
> 
> without any problems. 
> 
> On the Firewall I have static Address Translation for the 
> 10.1.3.15  and
> set it as 205.148.243.3 
> 
> The problem is I can PING to the firewall [205.148.243.2] successfully
> from the internal and external network but CANNOT ping to the static
> address [205.148.243.3] either from the internal nor from the external
> network. Even from the Firewall server, I CANNOT ping to the NATed
> address [205.148.243.3]
> 
> I have set the NAT and rules properly. 
> 
> Any help to fix this problem will be greatly appreciated! 
> 
> Thanks 
> Jey 
> 
> 
> 
> ==============================================================
> ==========
> ======== 
>      To unsubscribe from this mailing list, please see the 
> instructions
> at 
>                http://www.checkpoint.com/services/mailing.html 
> <http://www.checkpoint.com/services/mailing.html>  
> ==============================================================
> ==========
> ======== 
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html 
> ==============================================================
> ==================
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.