RE: [FW1] NAT Problem in CP-Firewall
Oops, didn't know you were talking about Windows. You have to create a file in /$FWDIR/state. The local.arp file would look like this:

    204.32.38.2 00-C0-78-20-00-6D
    204.32.38.10 00-C0-78-20-00-6D

Note: For changes to this file to take effect, you must install your security policy.

On an NT machine, the routes are slightly different:

    route add 204.32.38.2 192.168.0.2 -p
    route add 204.32.38.10 192.168.0.10 -p

The -p option ensures the routes will be added to the registry and will be active, even after rebooting.

Michael

-----Original Message-----
From: Jey Baskar [mailto:[email protected]]
Sent: Monday, January 15, 2001 10:58 AM
To: [email protected]; [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] NAT Problem in CP-Firewall

Michael,

I think the "pub" syntax is supported in unix environment. I did try that on the NT server [Firewall is installed on the NT Server] and it wasn't supporting that syntax. :-(

Thanks,
Jey!

>>> "Pires, Michael" <[email protected]> 01/15/01 10:56AM >>>
Don't forget to add the pub at the end of the arp, ex:

    arp -s 205.148.243.3 <mac address of the external firewall> pub

Very important, since anyone arping for that external address, your firewall has to respond to it.

_______________________________________
Michael Pires
Security Analyst
Teleglobe Inc.
TEL:
FAX:
E-MAIL: [email protected]

-----Original Message-----
From: Jey Baskar [mailto:[email protected]]
Sent: Monday, January 15, 2001 10:28 AM
To: [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] NAT Problem in CP-Firewall

I did follow the suggestion of adding the arp entry and the route but I am still stuck with the same problem. After adding the following entries

    1. arp -s 205.148.243.3 <mac address of the external firewall>
    2. route add 205.148.243.3 10.1.3.5

it doesn't seem to be working. I also added the next hop inside the firewall too !!

Thanks for your time and suggestion
Jey!

>>> Mustetab Ali Khan <[email protected]> 01/14/01 10:08AM >>>
Dear BASKAR,

You also need to add an arp entry for the natted address ...

    arp -s 205.148.243.3 <mac address of the firewall external card>

In addition you need to add a route as follows

    route add 205.148.243.3 <10.x.x.x> ip of the firewall internal card

-Mustetab
Network Security Engineer
HCL Comnet Systems & Services

-----Original Message-----
From: ITN (Bipin Mehta)
To: 'Jey Baskar'; [email protected]
Sent: 01/14/2001 6:25 PM
Subject: RE: [FW1] NAT Problem in CP-Firewall

You need to add a static route on your firewall for the translated address (205.148.243.3) to the next hop inside the firewall or to the internal ethernet port because before translation the firewall does internal routing.

-----Original Message-----
From: Jey Baskar [mailto:[email protected]]
Sent: Saturday, January 13, 2001 1:02 AM
To: [email protected]
Subject: [FW1] NAT Problem in CP-Firewall

Hello,

We have installed Checkpoint Firewall-1 in our environment. I am facing a problem of being unable to PING to the NATted address.

    10.1.3.15     205.148.243.2     205.148.243.1
    HOSTA ------- FIREWALL -------- ROUTER ---------- INTERNET

I have a hostA 10.1.3.15 which is on the internal network. It can ping to the Firewall [205.148.243.2] and to the router [205.148.243.1] without any problems. On the Firewall I have static Address Translation for the 10.1.3.15 and set it as 205.148.243.3

The problem is I can PING to the firewall [205.148.243.2] successfully from the internal and external network but CANNOT ping to the static address [205.148.243.3] either from the internal or from the external network. Even from the Firewall server, I CANNOT ping to the NATed address [205.148.243.3]

I have set the NAT and rules properly. Any help to fix this problem will be greatly appreciated!

Thanks
Jey

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
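
The thread's fix has two parts per static NAT address: a local.arp entry carrying the firewall's external MAC, and a host route added with -p. The following checker is an added example, not part of the original messages or of Check Point's tooling; it audits a set of NAT pairs against both. It assumes the route gateway is the internal host itself, as in Michael's example routes; the function names and the sample data (his lines with one -p removed) are constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
# Constructed sample: the thread's example lines, second route missing -p.
SAMPLE_NAT = {"204.32.38.2": "192.168.0.2", "204.32.38.10": "192.168.0.10"}
SAMPLE_ARP = "204.32.38.2 00-C0-78-20-00-6D\n204.32.38.10 00-C0-78-20-00-6D\n"
SAMPLE_ROUTES = ("route add 204.32.38.2 192.168.0.2 -p\n"
                 "route add 204.32.38.10 192.168.0.10\n")

def parse_local_arp(text):
    """Return {ip: mac} from 'IP MAC' lines; raise on malformed entries."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2 or not MAC_RE.match(fields[1]):
            raise ValueError(f"local.arp line {n}: bad entry {line!r}")
        entries[str(ipaddress.ip_address(fields[0]))] = fields[1].upper()
    return entries

def parse_routes(text):
    """Return {destination: (gateway, persistent)} from 'route add' lines."""
    routes = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and [w.lower() for w in f[:2]] == ["route", "add"]:
            routes[f[2]] = (f[3], "-p" in f[4:])
    return routes

def check_static_nat(nat_map, arp_text, route_text, external_mac):
    """List what is missing for each public -> private static NAT pair."""
    arp, routes = parse_local_arp(arp_text), parse_routes(route_text)
    problems = []
    for public, private in nat_map.items():
        mac = arp.get(public)
        if mac is None:
            problems.append(f"{public}: no local.arp entry")
        elif mac != external_mac.upper():
            problems.append(f"{public}: local.arp MAC {mac} is not the external NIC")
        gateway, persistent = routes.get(public, (None, False))
        if gateway is None:
            problems.append(f"{public}: no host route")
        elif gateway != private:  # assumption: host is directly attached
            problems.append(f"{public}: route goes to {gateway}, expected {private}")
        elif not persistent:
            problems.append(f"{public}: route lacks -p and is lost on reboot")
    return problems
```
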