On Wed, Jan 07, 2004 at 11:24:06AM -0500, Chris Hoff wrote:
> I think the more appropriate question Mike is asking, is how to do PAT (Port Address
> translation), even if the port may stay the same and the external IP address
> changes. I do agree with Reinhard's answer - get a static IP address, but this still
> may not help if there is only one address available. The best solution is to get a
> range of static IP addresses that can be used for multiple static server address
> translations.
>

Hi,

I agree with you, a static IP address is the best solution, but sometimes it isn't possible.
In this case there is another solution:

Make a new service: Manage->services, New->Other.
Fill in the boxes Name and IP Protocol.

Example:
Name: vnc_redir
IP Protocol: 6

Then click "Advanced..." and put in the Match box:

SRV_REDIRECT(external_vnc_port,internal_ip_adress,internal_vnc_port)

Example (my web server):

SRV_REDIRECT(80,172.16.15.27,80)

Checkpoint redirects requests from the external interface, port 80, to the internal IP address, port 80.
Of course you have to accept these connections in your rule base.

More information:
http://oldfaq.phoneboy.com/fom-serve/cache/86.html

Bye

> If this is not available, what will need to be done is something similar to the
> following:
>
> 1. Create objects for the external and internal IP addresses of the server needed
> (the external will be the same as the IP of the firewall - click ok through the
> dialogue box)
> 2. Create a NAT rule similar to the following:
>
> Original Packet            Translated Packet
> Src   Dest     port        Src    Dest     port
> ANY   Ext-IP   VNC         Orig   Int-IP   Orig
>
> 3. Create a rule in the rule base allowing the connection. If possible, in the rule
> base, limit the SRC to only the IP address that should be allowed to connect via VNC
> to the machine.
>
> Hope this helps,
>

--
Michal Fric
ICZ,a.s.
V Olsinach 2300/75, 100 97 Praha 10, CZ
Tel.: +420 2 81 00 22 22
Fax: +420 2 81 00 22 44
