| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Problems NATing
Scott,
If all you need is outgoing connections from your private LAN, you should
be able to HIDE NAT that subnet behind the address of the Firewall. If you
need to allow incoming connections then you will need at least a 2d address
to do STATIC NAT.
The easiest way to do the HIDE NAT is :
1. Create an object, of type Network, describing your internal
private
subnet
2. In the NAT tab, select the Add Automatic Address Translation
Rules,
select HIDE as translation method, and use the official Firewall
address
as the Hiding IP Address, Install it on the Firewall himself.
That's it.
Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
=====================================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
=====================================================================
-----Original Message-----
From: Scott Murray [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 10:29 PM
To: [email protected]
Subject: [FW-1] Problems NATing
I currently have a test setup running CP4.1sp5 on Win2KAdvancedServer. The
outside NIC is DHCP which gets a DHCP address from an ISP (this usually
stays the same so my FW object reflects the actual IP that is always
renewed); this is my only public address. Meanwhile I have my internal NIC
on a private address attached to a hub which is then connected to multiple
PC's all on the same network segment. I need to set up the multiple PC's on
that network segment to initiate and accept internet traffic. Do I need one
more public address to NAT the private network segment to or is there a way
I can set it up to use the one public address I currently have available?
Right now I am setup to NAT one server to the 1 public address but I have
problems connecting to the outside world via HTTP; if I run my anti-virus
updates for example, it goes out checked for an update and downloads the
necessary updates, but when it comes to HTTP, it doesn't seem to complete
the 3-way handshake. I have also run into problems getting SMTP through: I
check my mail on the private network segment, I can see traffic passing
through my FW logs, and I get 20 mail messages but then get a message saying
"lost connection"; when I re-retrieve the mail again, I get all the same
messages downloaded again; so some weird things are going on which is
leading me to think having only one valid addresses, which is being used by
my FW's external address is causing some "behind-the-scenes" headaches. Any
help, words of wisdom would be greatly appreciated, TIA!
Scott
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
|
|
