Thanks for the replies people. We're running FW-1 on Solaris 2.6 by the way.
Basically, I've read through the parts about NAT/rdr in the docs, though I haven't gotten it to work, and figured maybe I was simply misunderstanding the docs. But if I'm reading this right, I'd have to manually edit the routing table on the Solaris box running FW-1? I just kinda assumed FW-1 would take care of this part for me, in a similar fashion to OpenBSD/PF (sorry for my continuing references to OpenBSD, but that's the only platform where I've done this before).

Thanks
Johan

-----Original Message-----
From: Ian Gilfillan [mailto:[EMAIL PROTECTED]]
Sent: den 12 december 2002 17:27
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Redirect trafic on FW1-4.1?

Depending on your platform it is pretty straightforward. ProxyARP the external address, then add a route between the 2 addresses with a rule allowing specific traffic.

As for the second part, why? Surely it would be a VPN to the internal address.

Ian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Johan Sunnerstig
Sent: 12 December 2002 15:52
To: [EMAIL PROTECTED]
Subject: [FW-1] Redirect trafic on FW1-4.1?

Hi.

I'm wondering if it's possible to have an internal host, let's call it 192.168.1.50, running some service, say a webserver or ftp server, and have FW-1 redirect requests sent to a public address? Say you have one box, 192.168.1.50, and you need to let people in to it from the outside, but getting another box to do proxying, or putting this host on a public address, is out of the question. Is there a way to work this out with FW-1 4.1?

I've done this with OpenBSD/PF, where the rule would look something like:

    rdr on if1 proto tcp from any to 150.160.170.180 port x -> 192.168.1.50

Anything similar one can do with FW-1?

Oh, and to expand on that a bit, a more hypothetical question: could one create a VPN connection to this "fake" host (150.160....) and have that reach the internal host as well?

Something like this (sorry, my graphical abilities are... lacking, I know):

    ( VPN_West - VPN-GW-W - Internet - VPN-GW-E - VPN-East(fake host) ) rdr-> 192.168.1.50

If anyone can help me out here you'll make my day, a few days in fact :9

Regards
Johan

________________________________________________________________________
How many Microsoft engineers are needed to screw a light bulb ??
None. Microsoft declares darkness the standard.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
