
RE: [FW1] NAT Issue



Ok, you don't have telnet access, but can you access the box through the GUI interface? If you can access the box through the GUI, you can put your IP address into the rule that enables your machine to connect to the box by telnet. You must look at the rule to see if it requires session or user authentication; if so, you might put your user into the user's database and try to connect, but you need the user password, the OS username and password, and the root password in order to establish the routes and the arp entries.
I don't know anything about NETRA, so, sorry, but I can't help you with this issue.
 
Cheers,

Jose Vicente da C Machado
AMERICEL
I.T. - Information Security
email: [email protected]
office:(61) 329-6698
fax:(61) 329-6709
mobile:(61) 929-0016
http://www.americel.com.br
 

 
 -----Original Message-----
From: Sumit [mailto:[email protected]]
Sent: Tuesday, January 23, 2001 18:09
To: 'Jose Vicente da Costa Machado Filho'; [email protected]
Subject: RE: [FW1] NAT Issue

One thing I forgot to mention is that I cannot connect to the firewall :-(
 
I see a serial interface setup but when I try to connect it fails. I have tried both COM1 and COM2. Can anyone tell me how to connect to the Netra T1 through a serial interface, from an NT box?
 
Doing a telnet/ssh to the firewall also fails, although I have rules defined on the firewall.
 
Thanks,
 
Sumit
 
 
-----Original Message-----
From: Jose Vicente da Costa Machado Filho [mailto:[email protected]]
Sent: Tuesday, January 23, 2001 1:29 PM
To: 'Sumit'; '[email protected]'
Subject: RE: [FW1] NAT Issue

Did you look into your static routes defined on the OS?! The FW-1 on Solaris depends on static routes and arp entry defined on the Solaris environment.

You must tell your firewall, if you have some router inside your internal network, that the next hop to the arp entry must be the router interface. And also define static routes for every address you are NATing.

If the routes were established and weren't set in an rc script, you probably lost them when you rebooted your machine.

Here are some examples:
# ARP commands used for NAT (where xx.xx.xx.xx is the valid address)
/usr/sbin/arp -s  xx.xx.xx.xx 7:0:20:8d:fd:a7 pub

# necessary routes for STATIC ROUTES (where xx.xx.xx.xx is the valid address and yy.yy.yy.yy is the internal address)
/usr/sbin/route add xx.xx.xx.xx yy.yy.yy.yy  1

Regards,
Jose Vicente da C Machado
AMERICEL
I.T. - Information Security
email: [email protected]
office:(61) 329-6698
fax:(61) 329-6709
mobile:(61) 929-0016
http://www.americel.com.br

-----Original Message-----
From: Sumit [mailto:[email protected]]
Sent: Tuesday, January 23, 2001 16:54
To: [email protected]
Subject: [FW1] NAT Issue
Importance: High



Hi,

I have been asked to look after the firewall in our company NOC. The person
who setup the NOC and the firewall has left. The problem which I am having
is that NAT'ing is not working, although it seems to be defined correctly.

The logs don't tell anything useful. The firewall is CP 4.1 installed on
Netra T1. I really need to get it going. Any suggestions to
troubleshoot/resolve this problem will be appreciated.

Thanks,

Sumit
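
The reply above notes that proxy-ARP entries and static routes are lost at reboot unless an rc script sets them. The following is an added example, not part of the original thread: a boot-time helper that rebuilds both from a mapping file and refuses malformed lines. The map file path and format, the function names, and the sample addresses are assumptions; the third field is assumed to be the MAC the firewall should answer ARP with.

```shell
#!/bin/sh
# Added example: rebuild proxy-ARP entries and host routes for static NAT at boot.
# Hypothetical map file format, one mapping per line:
#   <valid address> <internal address> <MAC to publish for the valid address>
NAT_MAP=${NAT_MAP:-/etc/fw1-nat.map}   # hypothetical path

is_ipv4() {
    # four dot-separated decimal octets, each 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_mac() {
    # six colon-separated groups of one or two hex digits (Solaris drops leading zeros)
    echo "$1" | awk -F: 'NF != 6 { exit 1 }
        { for (i = 1; i <= 6; i++) if ($i !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) exit 1 }'
}

nat_cmds() {
    # Read mappings on stdin and print the arp/route commands for the valid ones.
    # Only validated tokens (digits, dots, hex, colons) ever reach the output.
    while read -r valid internal mac extra; do
        case "$valid" in ''|'#'*) continue ;; esac
        if [ -n "$extra" ] || ! is_ipv4 "$valid" || ! is_ipv4 "$internal" || ! is_mac "$mac"; then
            echo "skipping malformed mapping: $valid $internal $mac $extra" >&2
            continue
        fi
        echo "/usr/sbin/arp -s $valid $mac pub"
        echo "/usr/sbin/route add $valid $internal 1"
    done
}

# Constructed sample mappings (documentation addresses, made-up MAC).
sample_map() {
    cat <<'EOF'
# valid      internal   MAC
192.0.2.10   10.0.0.10  8:0:20:aa:bb:cc
192.0.2.999  10.0.0.11  8:0:20:aa:bb:cc
192.0.2.12   10.0.0.12  not-a-mac
EOF
}

# Dry run by default; pass "apply" (as root, from an rc script) to execute.
if [ "${1:-}" = "apply" ]; then nat_cmds < "$NAT_MAP" | sh; fi
```

Running `sample_map | nat_cmds` prints the commands without touching the ARP or routing tables, which makes it possible to review the list against the NAT rules before wiring the script into boot.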


