[FW-1] Destination Static NATting

Hi!

I have a lab wherein I am simulating the setup below:

Objective: Let external IPs (172.16.0.0/16) connect to the Internet services on the 10.0.0.0/8 network

FTP/SMTP/HTTP [10.0.0.4] --------- [10.0.0.1] FW-1 SP1 [172.16.3.20/172.16.30.20] -------------- External

The 10.0.0.4 hosts the internet services, and its gateway is 10.0.0.1. Two valid (logically) IP addresses are bound that will act as external IP addresses (FW-1 has only 1 NIC and I did an IP aliasing to simulate multiple NICs).

I did the following already on the Policy:

SOURCE    DESTINATION     SERVICE          ACTION
Any       172.16.30.20    FTP/HTTP/SMTP    Accept

For the NAT, I have these:

[ORIGINAL PACKET]                      [TRANSLATED PACKET]
SOURCE    DESTINATION     SERVICE      SOURCE    DESTINATION    SERVICE
Any       172.16.30.20    Any          Orig      10.0.0.4       Orig

I also retrieved the MAC address of the NIC of the FW-1, added it to the local.arp, and installed the policy.

The article from PhoneBoy mentioned the IP spoofing configuration. I am not familiar with the said configuration.

After following the steps (except for the IP spoofing), it still doesn't work. According to the log, the traffic from the external is being accepted by 172.16.30.20, but that's it; there's no indication that the traffic is being forwarded or translated to 10.0.0.4; but the FTP traffic is being accepted by 172.16.30.20.

I also have this route in my routing table (NT4.0):

Network Destination    Netmask            Gateway      Interface    Metric
172.16.30.20           255.255.255.255    127.0.0.1    127.0.0.1    1
172.16.30.20           255.255.255.255    10.0.0.4     10.0.0.4     1

Default Gateway: 10.0.0.1

Am I missing something? Any feedback is highly appreciated.

Thanks,
Leo