
RE: [FW1] NAT external host to internal address (kind of backwards NAT)



.... I also added a static route on the firewall to forward anything
addressed to the 10.x.x.x address to the external router......

The route you added...
Try forwarding anything addressed to the 159.x.x.x to the external router...
HTH,
Michael.

P.S. By the way, thinking about it, seems that you have created the object
wrong.
You should create an object with its primary address being 159.x.x.x and
put 10.x.x.x under the NAT tab.
I think...
To understand it better, look at the rules created automatically under the
Network translation.
Maybe you should try to create a manual Network translation rule, it might
be less confusing.
Maybe you don't need that routing entry after all...
It's an interesting situation, I'll be testing it tomorrow in my lab.
HTH.

-----Original Message-----
From: Greg Winkler [mailto:[email protected]]
Sent: Monday, January 22, 2001 6:09 PM
To: [email protected]
Subject: [FW1] NAT external host to internal address (kind of backwards NAT)



I need to NAT a valid external address to an invalid internal address. Kind
of a reverse of what you'd typically expect for NAT, in that the external
host address belongs to a physical system and the internal address is
fictitious. The reason we are doing this funny business is that we want to be
able to reach an external host through a firewall, but avoid having to
update all the internal routers with static routes to this host. The
thinking is that the internal hosts already understand how to route to the
firewall and its internal segment. By NAT'ing the external host to an
address on the firewall's internal segment we think it should work.  But it
doesn't.

I set up a workstation object just like I would any other, the address being
the invalid internal address (10.x.x.x) and under the NAT tab, the valid
address being the external host's IP (159.x.x.x). I also set up a proxy ARP
on the firewall (Nokia IP330) but instead of using the MAC address of the
external interface I used the MAC address of the internal interface. I also
added a static route on the firewall to forward anything addressed to the
10.x.x.x address to the external router.

Now I'm getting host unreachables reported from the firewall whenever I do
pings?

Any ideas?


----------------------------------------------------------------------------------------

Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]
Voice:
Fax:
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


   All contents © 2004 Network Presence, LLC. All rights reserved.