Mr. bustam:
Thank you very much for you help.I got it!
NO my rule in packet screen is:
1. SourceIP/Port: */*  DestinationIP/Port: 172.16.2.9/80
Action is "without reply".The IP 172.16.2.9 is internal IP Address.
2. SourceIP/Port: 172.16.2.9/80  DestinationIP/Port: */*
Action is "without reply".The IP 172.16.2.9 is internal IP Address.
Then I can access my web site without authentication,and the other internal web site 
with http proxy with authentication.

But I can't understand it.If using NAT IP 202.96.231.106 instead of internal IP,then 
it can not work.And if using "with reply" instead of "without reply",it also can not 
work properly.

>I'm also having problems getting my NAT to working on 5.5. Just one
>question, why are you using the NAT address as your destination? My
>understand of this is that in the packet screen rules you would the real
>source and destination addresses. NAT will pick it  up last internal to
>internal connection. I hope this helps. I'm just learning how to use NAT.
>
>Susan M. Bustamante
>IBM Global Services, Network Services
>800 North Linhberg Blvd., mailstop M3C,  St. Louis, MO 63167
>telephone:  (314) 694-9129 / FAX: (314) 694-1755
>email: [EMAIL PROTECTED]
>
>
>yonghaoHE <[EMAIL PROTECTED]>@lists.gnac.net on 12/18/99 06:26:05 PM
>
>Sent by:  [EMAIL PROTECTED]
>
>
>To:   Firewall LIst <[EMAIL PROTECTED]>
>cc:
>Subject:  NAT Problem
>
>
>
>Thanks for everyone with Gauntlet sp6 problem.
>I also have NAT problem.
>I have rule in Gauntlet packet screen,which is
>SourceIP/Port: */*  DestinationIP/Port: 202.96.231.106/80
>Action is "with reply".The IP 202.96.231.106 is NAT IP Address.
>I also have other internal web server with NAT IP,use Authentication HTTP
>Proxy Policy
>map.
>But when I add the rule above into packet screen,then all HTTP request can
>access to
>internal web server with no authentication.It seem all http access to
>internal server
>with NAT IP pass the rule in packet screen.
>WHY?
>
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

                    ��
��

            yonghaoHE
            [EMAIL PROTECTED]
*****ת�����ݽ���*****

CURSOR

                    ��
��

            yonghaoHE
            [EMAIL PROTECTED]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to