Hey, thanks for answering. I had already tried those things that you had
mentioned, and all of that was correct, however I neglected to check my
routes and access list on my internet router. Once I put the correct
information in there, everything works fine.
I feel sooo duuuuhhh!!!!
thanks,
David
-----Original Message-----
From: Chad Graham [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 12, 2000 1:50 PM
To: Gregory, David
Subject: Re: [FW1] Please Help NAT not working!!!!!
David,
Your rule should not allow you to telnet. Try either adding telnet or any
(for
testing purposes). Other than that it sounds like you have everthing set up
right. An "arp -a" and a "netstat -rn" show everything was added correctly?
Does the web server have a default route pointing back to the firewall? Did
you run snoop on the web server to make sure the packets are making it?
If I told you stuff youve already checked, sorry, otherwise I hope this
helps.
Chad Graham
CDI Engineering
"Gregory, David" wrote:
> Okay here's the situation.
>
> I have a web server that I am trying to make viewable to the external
world.
> I believe that I have performed all the steps necessary for my nat to
work.
> I have set up the following rules:
>
> Security Policy
> any -> NAT web server(public address) -> http -> Accept
>
> Address translation
> ORIG.
> TRANS.
> Any -> NAT web server (public address) -> any Orig -> NAT web
> server (priv address) -> orig
> NAT web server (priv address) -> any -> any NAT web
server
> (public address) -> orig -> orig
>
> I have also added the static routes on the firewall itself:
> route add host (public address) (private Address)
>
> And the Arp statement:
> arp -s (public address) (MAC of external interface) pub
>
> And it is still not working. I can ping the host from the outside however
I
> cannot telnet to it on port 80. I have already contacted my ISP and had
them
> associate an A-record with the public IP address and the name resolves
> correctly but the web server seems not to respond when trying to pull up
> externally. I can pull the page up internally with its private address
just
> fine so I believe that the server is configured correctly. I'm running
> CPFW-1 version 4.0 sp5 on Solaris 2.6. We also have stonebeat 3.0 which
> requires all routes to be added through its GUI interface.
>
> David K Gregory II CCSA
> PG&E National Energy Group
> [EMAIL PROTECTED]
>
> PG&E Generating, PG&E Energy Trading and any other
> company referenced herein that uses the PG&E name or
> logo are not the same company as Pacific Gas and
> Electric Company, the regulated California utility. Neither
> PG&E Gen, PG&E Energy Trading nor these other
> referenced companies are regulated by the California Public
> Utilities Commission. Customers of Pacific Gas and Electric Company
> do not have to buy products from these companies in order
> to continue to receive quality regulated services from the utility.
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
