[FW1] static NAT the external fw-1 address?
Hi,

I'd like to have a web-server in my dmz answering requests to the external ip address of the firewall, port 80. While I succeeded with other external ip addresses using proxy.arp, it just fails when I try to configure it for the external ip address.

Actually, it allowed ping to do the following tests:

ping [external-fw-1-ip] didn't get a response. The log viewer showed the NATed packet, and also the NATed answer that was blocked due to "rule 0 local interface is spoofing". Guess, there is no anti-spoofing configured!

It all works well when using another ip with local.arp, request and reply get NATed.

If you try to use http you would get a "RST" reply in the first case, and in the latter case it will work. But you can't see the replies in the fw-1 log.

I tried to increase the default metric for the default routing on win2k, but that doesn't help either. I assume that Win2k routes the packet to 127.0.0.1. Do I need to remove that routing entry... "route delete" doesn't do it! (I have a route from the external interface to my dmz, for sure!)

Does anyone have such a configuration working [Solaris/Linux/Win-dos]?

Best Regards,
Patrick Lotti