Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] 4.1 sp3 NATing

To: [email protected]
Subject: Re: [FW-1] 4.1 sp3 NATing
From: Leon Noble <[email protected]>
Date: Wed, 28 Aug 2002 12:18:33 +0100
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi Brian,

The route you added through voyager, was this a static route.

in static routes, the default route should be to the firewall's gateway
address.

You should then add a static route for your web servers public IP, the
gateway address for the web server static route should be updated with the
web servers internal IP address.

Also check the NAT tab in the rule base should show


src             dst             srv                     src             dst             srv
----            ----            -----                   -----           -----           -----

any             web-ext         any                     any             web-int         any
web-int                 any             any                     web-ext         any             any

these should also be static routes.

Also make sure that your firewall can do DNS lookups.

cheers

Leon.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Brian
Ritchie
Sent: 28 August 2002 09:02
To: [email protected]
Subject: [FW-1] 4.1 sp3 NATing


Hi there,

I have a webserver in my DMZ - private add.
I am hosting the virtual IP - public add - on the internet.
There is only one NIC on the webserver
I have created a "webserver" object with a private add - same subnet as DMZ.
Within the properties of the object - NAT tab - I have used the auto NAT
option
Static - Public IP Add (from within our given scope) - installed on our
firewall.
I have added a new ARP entry (voyager) putting the firewall's external NIC's
MAC add. against the public add of the webserver's public add.
I have added a route (voyager) webserver's public add to the default route
(external router)
Needles to say, it doesn't work. Anybody, any ideas?

Thanks in advance,  Brian

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] 4.1 sp3 NATing
  - From: Brian Ritchie <[email protected]>

Prev by Date: [FW-1] MRTG for CP NG
Next by Date: [FW-1] dropped out of state tcp packets
Previous by thread: [FW-1] 4.1 sp3 NATing
Next by thread: Re: [FW-1] 4.1 sp3 NATing
Index(es):
- Date
- Thread