And again, this NAT rule scenario doesn't work on FP1 or FP2.
Any - Firewall - http - | Original - Webserver - Original 
 
This does work, I've tested this on 4.1 SP5, NG FP1 and FP SP2.
any - firewall - http-mapped - accept
any - web_server - http - accept
 
Now, has anyone else TESTED this?
----- Original Message -----
Sent: Tuesday, April 23, 2002 9:11 AM
Subject: Re: [FW-1] NG NAT with one valid IP doesn't work

And again :-) :
 
 
Tells it all....
 
Theo
 
 
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Raul Gonzalez
Sent: Monday, April 22, 2002 4:48 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] NG NAT with one valid IP doesn't work

Hi,
We have an NG FW FP1 with 3 interfaces, and a DSL router to investigate.
The configuration is like this:
 
                                   Web server (192.168.2.100)
                                           |
                                           |
                                   DMZ Lan (192.168.2.0)
                                           |
                                           |
                                           | (192.168.2.135)
192.168.1.0 (Internal LAN) ---------- Firewall NG ---------- INTERNET
                        (192.168.1.135)           (212.11.21.13 valid address)
 
 
I am trying to make port mapping to webserver for http and telnet services (http to web server and telnet to internal server)
using NAT, and "Perform destination translation on the client side" is checked.
However, I don't get NAT inside.
 
Rules :
 
Any   Webserver         http        Accept       Log
Any   Internalserver     telnet      Accept       Log
 
NAT RULES :
 
Any     Firewall          http         Original       Webserver         Original        Gateways
Any     Firewall          telnet       Original       Internalserver     Original        Gateways
 
I can get a login, but on the Firewall host, not on Internalserver (no Xlated packets in the log), but I can see
in the log:
61.62.63.123  (Origin)        Firewall (Destination)   telnet (Service)     5 (rule number)    Accept
61.62.63.123  (Origin)        Firewall (Destination)   http (Service)        6 (rule number)    Accept
(I don't see drop packets about this, and "Log implied rules" is checked)
 
WHY doesn't it translate???
In Global Properties, "Automatic rules intersection", "Perform destination translation on the client side" and
"Automatic ARP configuration" are checked.
I have seen the Phoneboy document (http://www.phoneboy.com/faq/0428.html), but it doesn't work.
What's wrong??
 
I would like to hear some advice...
Thanks in advance
 
Raul Gonzalez
 
 
 
 
