Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] NATed address not on firewall subnet

To: "'Lawrence Mackley'" <[email protected]>, Firewall-1 Mailing List <[email protected]>
Subject: RE: [FW1] NATed address not on firewall subnet
From: Dan Hitchcock <[email protected]>
Date: Mon, 15 Jan 2001 12:30:59 -0800
Sender: [email protected]

I know this works, as it is running here (NT, but Solaris will work as well)

A few thoughts:

- Did you publish an arp entry for the external NAT address (a la arp -s
etc. pub)?
- Did you put a static host route on the firewall to forward the incoming
traffic to your router (a la "route add outsideIP routerIP")?
- Did you define the static NAT in the firewall rulebase for both inbound
and outbound traffic to the server?
- Does the server have a valid route back out to the internet through the
same firewall?

Hope that's a start -

Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders



-----Original Message-----
From: Lawrence Mackley [mailto:[email protected]]
Sent: Monday, January 15, 2001 11:34 AM
To: Firewall-1 Mailing List
Subject: [FW1] NATed address not on firewall subnet



I am trying to NAT an internal server that is on a
different subnet than the firewall. In the example
below, is it possible to have the firewall NAT a
server on subnet C to subnet A? 

The problems seems to be that the firewall is not
performing NAT and instead is relying on a routing
entry which cannot be created. Checking the log shows
no XlateDst values for incoming traffic (using SMTP
security server). I have tried both automatic and
manual NAT. FW-1 4.0 SP5, Solaris 2.6.

Internet
   |
(registered subnet A)
   |
Firewall
   |
(unregistered subnet B)
   |
Router
   |
(unregistered subnet C)
   |
Server

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] New IP addresses not working
Next by Date: [FW1] Enable or disable an acces in a rule (like a switch)
Previous by thread: [FW1] NATed address not on firewall subnet
Next by thread: [FW1] New IP addresses not working
Index(es):
- Date
- Thread