RE: [FW1] NAT external host to internal address (kind of backwards NAT)
.... I also added a static route on the firewall to forward anything addressed to the 10.x.x.x address to the external router......

The route you added... Try forwarding anything addressed to the 159.x.x.x to the external router...

HTH,
Michael.

P.S. By the way, thinking about it, seems that you have created the object wrong. You should create an object with its primary address being 159.x.x.x and put 10.x.x.x under the NAT tab. I think... To understand it better, look at the rules created automatically under the Network translation. Maybe you should try to create a manual Network translation rule, it might be less confusing. Maybe you don't need that routing entry after all... It's an interesting situation, I'll be testing it tomorrow in my lab.

HTH.

-----Original Message-----
From: Greg Winkler [mailto:[email protected]]
Sent: Monday, January 22, 2001 6:09 PM
To: [email protected]
Subject: [FW1] NAT external host to internal address (kind of backwards NAT)

I need to NAT a valid external address to an invalid internal address. Kind of a reverse of what you'd typically expect for NAT, in that the external host address belongs to a physical system and the internal address is fictitious.

The reason we are doing this funny business is that we want to be able to reach an external host through a firewall, but avoid having to update all the internal routers with static routes to this host. The thinking is that the internal hosts already understand how to route to the firewall and its internal segment. By NAT'ing the external host to an address on the firewall's internal segment we think it should work. But it doesn't.

I set up a workstation object just like I would any other, the address being the invalid internal address (10.x.x.x) and under the NAT tab, the valid address being the external host's IP (159.x.x.x).

I also set up a proxy ARP on the firewall (Nokia IP330) but instead of using the MAC address of the external interface I used the MAC address of the internal interface. I also added a static route on the firewall to forward anything addressed to the 10.x.x.x address to the external router.

Now I'm getting host unreachables reported from the firewall whenever I do pings. Any ideas?

----------------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]
Voice:
Fax:

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================