Hi Renato
Did you remember to add a NAT rule that looks like
ORIGINAL PACKET                              TRANSLATED PACKET
Source            Destination  Service       Source      Destination  Service
Internal-network  DMZ-Network  ANY           = Original  = Original   = Original
Morten
-----Original Message-----
From: Renato Ribeiro dos Santos, SYNAPSIS
[mailto:[EMAIL PROTECTED]]
Sent: 18. oktober 2002 17:20
To: [EMAIL PROTECTED]
Subject: [FW-1] problems with NAT
Hi,
I have a Firewall-1 NG FP3 installed in a SUN box.
I'm having problems with NAT.
I have defined an object named EMAILRELAY ( ip 192.168.10.1 ) in the DMZ.
This server has to receive connections from external servers and forward
the messages to the EMAILSERVER ( ip 192.168.12.100 ), located in the
internal network.
Because the EMAILRELAY has an "INVALID IP ADDRESS" we have to apply NAT on
this object.
When it was created, a static NAT was defined for this object with the ip
200.244.44.69 ( an imaginary ip on the network ).
I'm able to access this host from the internet and access the internet from
the host, BUT I'M NOT ABLE TO ACCESS THE EMAILSERVER(IP 192.168.12.100) FROM
THE EMAILRELAY SERVER, BECAUSE IT'S DOING NAT TO THE INTERNAL NETWORK ( THE
SOURCE ADDRESS IS TRANSLATED TO 200.244.44.69 EVEN IN THE INTERNAL
INTERFACES ).
The problem is not routing. When I stop the Firewall I can communicate with
no problems.
            Ip 192.168.12.100
               |--------|
               | EMAIL  |
               | SERVER |------------|
               |--------|            |
                                     |
                                     |interface eri0 ( internal network )
                                     |invalid ip address ( 192.168.12.250 )
                                     |
                               ------|-------
                               |            |
                               |   SUN/CP   |
                               |            |
                               ---|------|---
                                  |      |
( external network )interface qfe0|      |interface qfe1 ( dmz network )
valid ip address ( 200.244.44.70 )|      |invalid ip address ( 192.168.10.250 )
                                  |      |
                                  |      |     ---------
                                  |      |     | EMAIL | ip 192.168.10.1
                                  |      ------| RELAY |
                                  |            |-------|
                                  |
                             |----------|
            internet --------|  router  |
                             |----------|
Can anyone help me?
Thanks,
Renato Ribeiro
