RE: [FW1] Splitting NAT to two Different Severes

[Chris Arnold <chris.arnold@FW1-NOSPAMWheelHouse.com>]

No, just don't do automatic NAT rules.  If you set-up NAT "by hand" you can
have tso rules:

Original Packet    Translated Packet
Src  Dest          Serv    Src       Dest         Serv    
any  209.46.53.10  http    original  192.168.1.1  http
any  209.46.53.10  smtp    original  192.168.1.2  smtp

Should work.

Chris

-----Original Message-----
From: Shadrick Tveit
To: 'Jeff Ensminger'; 'fwmailing'
Sent: 1/18/01 1:50 PM
Subject: RE: [FW1] Splitting NAT to two Different Severes


I think you will be stuck aquiring a second valid ip address.
You must have a valid IP address for clients to initiate communication
over
the net.
-Shad

-----Original Message-----
From: Jeff Ensminger [mailto:gus@rgimarketing.com]
Sent: Thursday, January 18, 2001 10:35 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Splitting NAT to two Different Severes



I am at a roadblock on how to solve this issue:

On an NT network I want to host the website for domain "onlydomain.com"
on a
web server (192.168.1.1),
and host email for the same "onlydomain.com" on a separate email server
(192.168.1.2).
Both servers reside the same one fw-1 server.
I only have one public IP (209.46.53.10)available to use for both NATs.
I have created net objects for both as such:
	webserver  valid=209.46.53.10, real=192.168.1.1
	mailserver valid=209.46.53.10, real=192.168.1.2

I have the proper .arp entry of "209.46.53.10    [mac address of fw-1
ext
nic]".

I have rules allowing for access (in and out) for both servers with the
proper protocols (HTTP, and SMTP, Pop3, respectively).

The problem is that only the mail requests are properly routed. The web
requests are routed to the mail server also, resulting in a page error
for
the client browser.

Regardlesss of the rule-order of the two, the same result occurs.
However, if I delete the net object of the mailserver, the web requests
are
fulfilled properly.

Is it not possible to use one public IP to address both email and web
server
for the same domain, through NAT?

I have received a couple of good suggestions, but don't seem to solve
the
issue.
I also have been all through Phoneboy's site (many times) to no avail.
Does anyone know how to perform this feat?
Thanks to all for at least scratching your heads to see if anything
comes
up!


Jeff   "Gus"   Ensminger
Network Administrator
RGI Marketing Group, inc.
Orlando, FLext. 104
http://www.rgimarketing.com

 <<...OLE_Obj...>> 








========================================================================
====
====
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
====
====


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================