Hi James,

If you are using automatic NAT & client side translation, and apply a static NAT using another valid IP & not the FW's valid IP, then do you not have to add a manual ARP and routes?
Kind Regards,
Gabriel

>From: James Oryszczyn <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
>Date: Mon, 22 Apr 2002 19:05:19 -0500
>
>One other thing. Is the address you are trying to PAT the firewall
>outside IP address? If not, you still need to add an ARP and routes. NG
>will not do this for manually defined rules.
>
>James
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED]] On Behalf Of Jim Parker
>Sent: Monday, April 22, 2002 6:09 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
>
>Yes, tried that, didn't make any difference. Anyone else tried this?
>
>I see that 'http-mapped' is still in NG, so this is one possible PAT
>solution; however, I don't see why this feature doesn't work. I'll test it
>on FP2 in the morning.
>
>JP
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED]]On Behalf Of James Oryszczyn
>Sent: 22 April 2002 22:54
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
>
>Remove the Automatic rules intersection and see if it works.
>
>James
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED]] On Behalf Of Jim Parker
>Sent: Monday, April 22, 2002 3:49 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] NG NAT with one valid IP doesn't work
>
>OK, for what it's worth at this point, I've tested this on IPSO 3.4.2, NG
>FP1 and it doesn't work for me either. It simply does not address
>translate. I'll do further tests tomorrow.
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED]]On Behalf Of Raul Gonzalez
>Sent: 22 April 2002 15:48
>To: [EMAIL PROTECTED]
>Subject: [FW-1] NG NAT with one valid IP doesn't work
>
>Hi,
>
>We have an NG FW FP1 with 3 interfaces, and a DSL router to investigate.
>
>The configuration is like this:
>
>                              Web server (192.168.2.100)
>                                      |
>                                      |
>                              DMZ LAN (192.168.2.0)
>                                      |
>                                      |
>                                      | (192.168.2.135)
>192.168.1.0 (Internal LAN) ------ Firewall NG ------ INTERNET
>                    (192.168.1.135)        (212.11.21.13 Valid address)
>
>I am trying to do port mapping to the web server for http and telnet services
>(http to the web server and telnet to the internal server)
>using NAT, and "Perform destination translation on the client side" is
>checked.
>
>However, I don't get NAT inside.
>
>Rules:
>
>Any Webserver http Accept Log
>Any Internalserver telnet Accept Log
>
>NAT RULES:
>
>Any Firewall http Original Webserver Original Gateways
>Any Firewall telnet Original Internalserver Original Gateways
>
>I can log in, but on the Firewall host, not on Internalserver (no Xlated
>packets in the log, but I can see in the log:
>
>61.62.63.123 (Origin) Firewall (Destination) telnet (Service) 5 (rule number) Accept
>61.62.63.123 (Origin) Firewall (Destination) http (Service) 6 (rule number) Accept
>
>(I don't see dropped packets about this, and "Log implied rules" is
>checked)
>
>WHY doesn't it translate???
>
>In Global Properties, "Automatic rules intersection", "Perform
>destination translation on the client side" and
>"Automatic ARP configuration" are checked.
>
>I have seen the Phoneboy document
>(http://www.phoneboy.com/faq/0428.html), but it doesn't work.
>
>What's wrong??
>
>I would like to hear some advice...
>Thanks in advance
>
>Raul Gonzalez
