| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] static NAT the external fw-1 address?
Hi,
I'd like to have a web-server in my dmz answering requests to the
external ip address of the firewall, port 80.
While I succeeded with other external ip addresses using proxy.arp,
it just fails when I try to configure it for the external ip address.
Actually, it allowed ping to do the following tests:
ping [external-fw-1-ip]
didn't get a response. The log viewer showed the NATed packet, and also
NATed answer that was blocked due to "rule 0 local interface is spoofing".
Guess, there is no anti-spoofing configured!
It all works well when using another ip with local.arp, request and reply
get NATed.
If you try to use http you would get a "RST" reply in the first case, and in
the latter case it will work. But you can't see replies it in the fw-1 log.
I tried to increase the default metric for the default routing on win2k, but
that doesn't help either. I assume that Win2k routes the packet to 127.0.0.1
Do I need to remove that routing entry..."route delete" doesn't do it!
(I have a route from the exernal interface to my dmz, for sure!)
Has anyone have such a configuration working [Solaris/Linux/Win-dos] ?
Best Regards,
Patrick Lotti
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
