Rory Stewart wrote:
>
> Has anyone heard of a problem with NAT translation resolving the http address as the
> internal ip address rather than the external ip address?
>
> We are setting up an http accelerator behind our Nokia 440 firewall where the box
> must be "seen" from the outside.
> I have configured address translation manually from the internal to external and
> back.

WHY "internal to external"? This could confuse the firewall, it's not necessary.
From outside to inside is fine.

> Created both internal and external ip's as workstations. (Tried putting external ip
> into NAT tab of internal but made no difference).
> Entered "any external any accept" and "internal any any accept" on the security
> policy tab.
Fix it: "any external http accept" (sure), "internal any any drop long" (strong guess).

> Finally, went on to voyager and created static route to internal ip address range
> and put a proxy arp of the external ip address on the
> external firewall interface ( where they are both in the same ip range ).
> We know our accelerator sees our pings but does not reply. We have our laptop gui
> in front of the firewall and behind our ext router, and
> from there we can enter our accelerator happily using internal ip address but not
> external.

HOW?
internet(ip) ---(ip)ext-router(ip) --- (ips)firewall(ips)= --- (ip)accelerator
                                     |
                                  laptop(ip)

Just give more details, network + ip addresses + nat rules + routes. Sounds like a 
routing problem.
