You can pass a VPN tunnel through the firewall to an address that is being NAT'ed. The particular protocol you use will have to support the ability to handle a network address translation.
----- Original Message -----
From: "Ian Gilfillan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 12, 2002 11:26 AM
Subject: Re: [FW-1] Redirect trafic on FW1-4.1?

> Depending on your platform it is pretty straightforward. ProxyARP the
> external address then add a route between the 2 addresses with a rule
> allowing specific traffic.
> As for the second part, why? Surely it would be a VPN to the internal
> address.
> Ian
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED]] On Behalf Of Johan Sunnerstig
> Sent: 12 December 2002 15:52
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Redirect trafic on FW1-4.1?
>
> Hi.
> I'm wondering if it's possible to have an internal host, let's call it
> 192.168.1.50, running some service, say a webserver or ftp server, and
> have FW-1 redirect requests sent to a public address? Say you have one
> box, 192.168.1.50, and you need to let people in to it from the outside,
> but getting another box to do proxying, or putting this host on a public
> address is out of the question. Is there a way to work this out with
> FW-1 4.1?
>
> I've done this with OpenBSD/PF, where the rule would look something like:
>
> rdr on if1 proto tcp from any to 150.160.170.180 port x -> 192.168.1.50
>
> Anything similar one can do with FW-1?
>
> Oh and to expand on that a bit, a more hypothetical question, could one
> create a VPN connection to this "fake" host (150.160....) and have that
> reach the internal host as well? Something like this (sorry my graphical
> abilities are...lacking, I know (
>
> ( VPN_West - VPN-GW-W - Internet - VPN-GW-E - VPN-East(fake host) ) rdr-> 192.168.1.50
>
> If anyone can help me out here you'll make my day, a few days in fact :9
>
> Regards
> Johan
> _____________________________________________________________________________
>
> How many Microsoft engineers are needed to screw a light bulb ?? None.
> Microsoft declares darkness the standard.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
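
The redirect Johan quotes only rewrites the destination address; the "rule allowing specific traffic" that Ian mentions is a separate filter rule. As an added example (not part of the original thread), here are both pieces in the same older pf syntax Johan uses, with port 80 assumed in place of "x" and the macro names chosen for illustration:

```pf
# Added example, not from the thread.
# Assumptions: port 80 stands in for the thread's "port x";
# macro names (ext_if, pub_ip, web_srv) are illustrative.
ext_if  = "if1"                # external interface, named as in Johan's rule
pub_ip  = "150.160.170.180"    # public address from Johan's rule
web_srv = "192.168.1.50"       # internal host from Johan's rule

# Translation: rewrite the destination of inbound connections
# to the public address so they reach the internal host.
rdr on $ext_if proto tcp from any to $pub_ip port 80 -> $web_srv port 80

# Filtering: default-deny inbound on the external interface, then allow
# only the redirected service. In this pf syntax rdr is applied before
# filtering, so the pass rule matches the translated (internal) address.
block in on $ext_if all
pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA keep state
```

Limiting the pass rule to the single redirected port keeps the internal host reachable only for the published service, not for everything else it may be running.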
