[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Web server in DMZ
When you have incoming connections you cannot NAT in mode hide behind the IP address of the firewall, because the packet will land on the firewall itself, which will then drop it. Assign static NAT mapping or better yet, assign public address space fro your DMZ. Why would you want to do static NATs for your servers on the DMZ, when you can just give them the valid IP addresses in the first place? George -----Original Message----- From: Ivan More [mailto:[email protected]] Sent: Tuesday, June 05, 2001 3:00 AM To: [email protected] Cc: [email protected] Subject: [FW1] Web server in DMZ Hi, We are trying to setup a web server in the DMZ for public access. But we are not successful. Internet ******** | | | | | ----------- | | | | ----- DMZ | FW |-----------| | web server | | ----- internal IP 10.1.1.100 | | external IP ------------ | | ****** Office In our rule base we have source destination service Any Web server http NAT to external IP We did not see any traffic connecting to this web server even when we try to connect to it (not using VPN). What did I missed out? Any help will be appreciated. Thanks. Cheers, Ivan _______________________________________________________ Do You Yahoo!? Get your free @yahoo.ca address at http://mail.yahoo.ca ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== _____________________________________________________________________ IMPORTANT NOTICES: This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful. Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|