Title: static nat
Yes, the default gateway is set properly.  And in any case, when connecting from the inside the packets are being translated and getting to the external network, and return to the firewall, but they are not returning properly from the firewall to the internal server.
-----Original Message-----
From: Brenda Kells-Murphy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 10:02 AM
To: 'Michael Efrusy'
Subject: RE: static nat

I've seen this behavior when the default gateway is not set properly on the client. Have you checked this?
 
-----Original Message-----
From: Michael Efrusy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 9:41 AM
To: '[EMAIL PROTECTED]'
Subject: static nat

Hi all,
I am having a strange problem when attempting to run static NAT.  We have a Checkpoint FW1 ver. 4.1 running on an NT server (SP 6).  This is connected on the inside to a Cisco 2900 switch and on the outside to a router owned by the ISP (via a hub).  On the inside network we are hiding NAT addresses of 10.0.0.0/24 with the firewall address of xxx.xxx.xxx.3.  This works fine.  However we also have several servers which I would like to put inside the network temporarily until we can get DMZs set up for them.  These servers need to have static addresses as they need to be reached from the outside.

I have set up static routes to them on the firewall box (using the route add command) and these show up fine when I do a route print command.  I have also added a local.arp file to the /winnt/fw1/4.1/state folder using the syntax (translated_address  MAC_ADDRESS_OF_EXTERNAL_FIREWALL_INTERFACE).  I then started and restopped the service, and installed rules allowing communication between the relevant IP addresses.

The problem is that I am not able to connect, either from the internal computer to the outside, or from the outside to the internal computer.  I set up a sniffer between the ISP router and the firewall, and did a ping from outside the network to the internal computer, and the ARP packet was translated fine, and an ICMP packet was sent out, but this packet was not received by the internal computer (I had a sniffer set up there too).  When pinging from the outside, the packet was not sent by the external interface of the firewall.  Is there some sort of rule that needs to be added that I am missing?  I am at a loss.  Thanks in advance.

Michael Efrusy
[EMAIL PROTECTED]
646-674-2045
