
Re: [FW-1] Strange Problem. Anyone please Help!



Hi Conrad,

I'm not sure which way you've set up the Network Address Translation.
You need to create a Host Node Object for your webserver with the internal
IP address and set up a static NAT for that object. That will create
automatic NAT rules and hide your internal IP address from the outside
world.
Create your rule 5 as: any - webserver - http - accept.

Greetings,


Elmar van Mourik
System & Networkmanagement ZHEW


-----Original Message-----
From: Conrad Ng [mailto:[email protected]]
Sent: Friday, 21 June 2002 3:03
To: [email protected]
Subject: [FW-1] Strange Problem. Anyone please Help!


Dear all

I think this is another newbie question, but I do hope that someone can give
me some hints on this.

Situation

I have a web server inside the DMZ with an internal IP (10.17.x.x); there is
an external IP (202.128.x.x) assigned to this web server to allow public
access. Once a user wants to access this web server, the traffic will first go
through a Cisco router and then pass to the Checkpoint Firewall-1.

Settings

I have already defined a rule (Rule 5) on the firewall which permits "Any"
access to the "External ip". Besides, I have also set up the Name Translation
table, which translates the external IP to an internal IP and vice versa.

Problem

The problem is that when I try to access it from the public side, in the
Firewall Log Viewer I can see that "Rule 5" has been accepted by the FW, but
at the same time a "Reject" message comes up following this accept message.
Actually, I don't know why it happens; is it a problem in the translation
table? I then tried to access the web server from the Firewall server: if
I use the external IP to access it, the reject message appears again. However,
if I use the internal IP to access it, it succeeds. PLEASE HELP!


I really hope someone can tell me why this happens and what I should
do. What else have I missed? Thanks a lot


Conrad

