Me neither. But that's because I use automatic NAT. Only manual NAT need the extras.
Cheers, Anders :) -----Original Message----- From: Ant�nio Cardoso [mailto:[EMAIL PROTECTED]] Sent: 15. oktober 2001 11:09 To: [EMAIL PROTECTED] Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd) I never needed to put the arp entry only the ip route and it works ... Ant�nio Cardoso -----Original Message----- From: Frank Breedijk [ mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ] Sent: Monday, October 15, 2001 8:48 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] does checkpoint actually do a NAT (fwd) Jay, > I have a basic query on Firewall NAT.When I configure my > checkpoint firewall to do static NAT I have to configure the > firewall to accept packets in a arp proxying mode.And I am > asked to put a route to the particular public IP saying that > to go to the particuar NATed public IP go to the private IP > in the LAN. The thing to remember here is the order in which checkpoint handles NAT and routing. Routing is handled *before* NAT. THat is why you have to add the ARP and static route entries. The packet is picked up by FW-1 because of the arp entry and it is then routed to the correct interface/gateway. When the packet leaves the firewall, the header is modified to do the actual NAt. Regards, Frank =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
