Edwin,

This is how I accomplished this. I created a host object for the external interface on your Check Point box (e.g. IP330-ext = external IP address of interface).

Now, here is where I will try my best to explain: OK, you have your FW (IP330) with all of your interfaces defined (external and internal). Let's say your external interface is 192.168.1.3. Now, you want to create an additional host object (as referenced above). Let's call it IP330-ext. Now, in security, you want to set up a rule that allows SMTP traffic to go to IP330-ext from any. Once that security rule is set up, go to address translation and add a rule that does this:

    Any   IP330-ext   SMTP   original   <smtp host object>   original

After that translation rule has been set up, you need to forward the SMTP traffic to your firewall.

CISCO:

    ip nat inside source static tcp <FW IP Address> 25 interface eth0/0 25

This should help you with your issue; at least it will help put you on the right track.

Edwin, if you have any further questions about this, you can email me directly.

Nathan

-----Original Message-----
From: Edwin Davidson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Port 25 redirect on specific subnet

If I was running iptables on a *nix router, I could do the following to have all port 25 SMTP connections redirected to the *nix box's SMTP server.

    iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25

Within FW1 NG itself, can I do the same thing to a specific subnet? For example, I want to take subnet 192.168.0.0 and any port 25 connections they make I want it to be redirected to another SMTP server on my network.

Edwin Davidson
http://www.primeinc.com
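The address translation rule from the reply and a source-scoped variant for the per-subnet case in the question, modelled as a first-match rule table. This is an added example, not part of the original thread and not Check Point code; the /24 mask, the SMTP server address 10.0.0.25, the sample packets and the class and function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"              # stands in for the "Any" object
IP330_EXT = "192.168.1.3/32"   # external interface address used in the reply
CLIENT_NET = "192.168.0.0/24"  # subnet from the question; the /24 mask is assumed
SMTP_HOST = "10.0.0.25"        # constructed address for <smtp host object>

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class NatRule:
    # "Original packet" columns decide whether the rule matches.
    orig_src: str
    orig_dst: str
    orig_dport: int
    # "Translated packet" destination; None means "original" (unchanged).
    xlate_dst: Optional[str]

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.orig_src)
                and ip_address(pkt.dst) in ip_network(self.orig_dst)
                and pkt.dport == self.orig_dport)

def translate(rules: list[NatRule], pkt: Packet) -> Packet:
    """Apply the first matching rule; unmatched packets pass unchanged."""
    for rule in rules:
        if rule.matches(pkt):
            return Packet(pkt.src, rule.xlate_dst or pkt.dst, pkt.dport)
    return pkt

# Rule from the reply: Any -> IP330-ext, SMTP => destination becomes the SMTP host.
REPLY_RULES = [NatRule(ANY, IP330_EXT, 25, SMTP_HOST)]
# Source-scoped variant for the question: only the client subnet is redirected.
SUBNET_RULES = [NatRule(CLIENT_NET, ANY, 25, SMTP_HOST)]

if __name__ == "__main__":
    samples = [Packet("203.0.113.9", "192.168.1.3", 25),    # inbound to firewall
               Packet("192.168.0.40", "198.51.100.7", 25),  # client to outside MTA
               Packet("192.168.0.40", "198.51.100.7", 80)]  # non-SMTP traffic
    for p in samples:
        print(p, "->", translate(REPLY_RULES, p).dst, "|", translate(SUBNET_RULES, p).dst)
```

A rule keyed on the destination IP330-ext only rewrites connections addressed to the firewall itself; redirecting a subnet's outbound port 25 traffic needs the match on the source column instead.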
