[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NATed address not on firewall subnet
I know this works, as it is running here (NT, but Solaris will work as well) A few thoughts: - Did you publish an arp entry for the external NAT address (a la arp -s etc. pub)? - Did you put a static host route on the firewall to forward the incoming traffic to your router (a la "route add outsideIP routerIP")? - Did you define the static NAT in the firewall rulebase for both inbound and outbound traffic to the server? - Does the server have a valid route back out to the internet through the same firewall? Hope that's a start - Dan Hitchcock Network [email protected] Xylo, Inc. The work/life solution for corporate thought leaders -----Original Message----- From: Lawrence Mackley [mailto:[email protected]] Sent: Monday, January 15, 2001 11:34 AM To: Firewall-1 Mailing List Subject: [FW1] NATed address not on firewall subnet I am trying to NAT an internal server that is on a different subnet than the firewall. In the example below, is it possible to have the firewall NAT a server on subnet C to subnet A? The problems seems to be that the firewall is not performing NAT and instead is relying on a routing entry which cannot be created. Checking the log shows no XlateDst values for incoming traffic (using SMTP security server). I have tried both automatic and manual NAT. FW-1 4.0 SP5, Solaris 2.6. Internet | (registered subnet A) | Firewall | (unregistered subnet B) | Router | (unregistered subnet C) | Server __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|