As a further investigation into my NATy problems...
Please refute this if possible.

Say you have a network like so:

+----+
| fw |
|    >eth0  outbound to the Internet, routable
|    |      addresses 207.46.103.x **
|    |
|    >eth1  perimeter net, let's say addresses 10.230.230.x
|    |
|    >eth2  internal net, let's say addresses 10.230.231.
|    |
+----+

** Not my address space, but a well-known one. :)

Anyway, we set a NAT hide translation for 10.230.230.x to hide
behind 207.45.103.50.

That works fine for the Internet and traffic heading out eth0, but
does not the same translation happen on traffic going from eth1 to
eth2 (inbound)? (So I end up with 207.46.103.x traffic on the internal
network.) That is not what I intend. Any way around this? Ideally what
I would like to see is NAT only happen when it traverses eth0. I had
assumed (wrongly, it appears) that if an object has a translation rule
it would only be applied if a rule says to. It appears that what
really happens is that if the IP address of an object has a
translation rule, it happens regardless of whether the object is in the
rule or not. (E.g. object-a and object-b both point at the same IP
address, object-b has the NAT, object-a doesn't and is in the rulebase.
The NAT happens anyway when it matches the IP address of object-b.)

Anyone know a way around this?

fj..
--
"The days are just packed!" Calvin & Hobbes