Greetings,
I am having difficulty getting access to our DMZ from the Internet. I am running NT 4.0 SP6a with FW-1 4.0. I have set up a local.arp file and have added routes on the Firewall for the virtual_IP to the internal_IP for each machine (i.e. Virtual_IP Internal_IP) on the DMZ. Packets with the Virtual IPs are accepted by the rulebase, so I know local.arp is working. Packets are not getting onto the DMZ network. I do not see any ARP broadcasts looking for the MAC addresses of the boxes on the DMZ. That would lead me to believe that the routes that I manually entered are not effective. IP forwarding is enabled in the TCP/IP properties. I am using static NAT for each virtual_ip and the NAT rules are automatically generated. If I skip NAT altogether and assign the valid IPs to the boxes in the DMZ, it works perfectly, but I would like to be able to deploy NAT. The firewall functions as configured with regard to traffic to and from the Internet using Hiding NAT for our local net. Traffic also moves between our localnet and the DMZ as per the rulebase. If anyone sees from this narrative what I might be missing, please advise.
Thanks,
Todd