Re: [FW-1] Problems NATing
Scott,

If all you need is outgoing connections from your private LAN, you should be able to HIDE NAT that subnet behind the address of the Firewall. If you need to allow incoming connections then you will need at least a 2d address to do STATIC NAT.

The easiest way to do the HIDE NAT is:

1. Create an object, of type Network, describing your internal private subnet
2. In the NAT tab, select the Add Automatic Address Translation Rules, select HIDE as translation method, and use the official Firewall address as the Hiding IP Address. Install it on the Firewall itself.

That's it.

Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

-----Original Message-----
From: Scott Murray [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 10:29 PM
To: [email protected]
Subject: [FW-1] Problems NATing

I currently have a test setup running CP4.1sp5 on Win2KAdvancedServer. The outside NIC is DHCP which gets a DHCP address from an ISP (this usually stays the same so my FW object reflects the actual IP that is always renewed); this is my only public address. Meanwhile I have my internal NIC on a private address attached to a hub which is then connected to multiple PCs all on the same network segment.
I need to set up the multiple PCs on that network segment to initiate and accept internet traffic. Do I need one more public address to NAT the private network segment to or is there a way I can set it up to use the one public address I currently have available?

Right now I am set up to NAT one server to the 1 public address but I have problems connecting to the outside world via HTTP; if I run my anti-virus updates for example, it goes out, checks for an update and downloads the necessary updates, but when it comes to HTTP, it doesn't seem to complete the 3-way handshake. I have also run into problems getting SMTP through: I check my mail on the private network segment, I can see traffic passing through my FW logs, and I get 20 mail messages but then get a message saying "lost connection"; when I re-retrieve the mail again, I get all the same messages downloaded again; so some weird things are going on which is leading me to think having only one valid address, which is being used by my FW's external address, is causing some "behind-the-scenes" headaches.

Any help, words of wisdom would be greatly appreciated, TIA!

Scott

===============================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
===============================================
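
The difference between the two translation methods named in this thread, as an added example (not part of the original messages and not Check Point code): a small Python model in which hide NAT shares one public address through per-connection port state, while static NAT maps a second address one-to-one. All addresses, the port pool start and the class names are constructed for illustration.

```python
# Toy model of hide NAT vs. static NAT (added illustration, not vendor code).
# Every address and port below is a constructed sample value.
from itertools import count

FW_PUBLIC = "203.0.113.10"      # the single public address (the firewall's own)
SECOND_PUBLIC = "203.0.113.11"  # hypothetical second public address for static NAT

class HideNat:
    """Many private hosts share one public IP; only outbound traffic creates state."""
    def __init__(self, hiding_ip, first_port=10000):  # pool start is an assumption
        self.hiding_ip = hiding_ip
        self._ports = count(first_port)
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public source port
        self.back = {}   # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.hiding_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        # Replies match existing state; unsolicited packets match nothing (None = drop).
        return self.back.get((dst_port, remote_ip, remote_port))

class StaticNat:
    """One-to-one mapping: a dedicated public IP always reaches one private host."""
    def __init__(self, public_ip, private_ip):
        self.public_ip, self.private_ip = public_ip, private_ip

    def inbound(self, dst_ip, dst_port):
        return (self.private_ip, dst_port) if dst_ip == self.public_ip else None

def demo():
    hide = HideNat(FW_PUBLIC)
    # Two internal PCs using the same source port toward the same web server.
    a = hide.outbound("192.168.1.20", 1025, "198.51.100.5", 80)
    b = hide.outbound("192.168.1.21", 1025, "198.51.100.5", 80)
    reply = hide.inbound("198.51.100.5", 80, a[1])         # reply to the first PC
    unsolicited = hide.inbound("198.51.100.77", 4444, 25)  # new inbound SMTP attempt
    static = StaticNat(SECOND_PUBLIC, "192.168.1.20").inbound(SECOND_PUBLIC, 25)
    return a, b, reply, unsolicited, static

if __name__ == "__main__":
    for item in demo():
        print(item)
```
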