Hi there,
I thought I was not that far away from having FW-1 running on Linux. But now I'm
stuck with a really tricky problem.
My scenario looks like this:
    I-------------I
    I     PC      I   supposed to be the Internet
    I-------------I
     192.168.1.131
     255.255.255.240
     192.168.1.131 (Default GW)
           I
           I
           I
     192.168.1.130
     255.255.255.240
    I-------------I
    I  Firewall   I   192.168.1.130 (Default GW)
    I-------------I
     172.32.0.1
     255.255.255.0
           I
           I
           I
     172.32.0.2
     255.255.255.0
     172.32.0.1 (Default GW)
    I-------------I
    I     PC      I   (Web-Server)
    I-------------I
And here it comes:
When I configure NAT HIDE for the network 172.32.0.0 it IS possible to ping
from the inside to the outside.
Network: 172.32.0.0/255.255.255.0 "Hide: 192.168.1.130"
But as soon as I add a NAT STATIC to the server (172.32.0.2) it IS NOT
anymore.
Host: 172.32.0.2/255.255.255.255 "Static: 192.168.1.140"
I need this NAT STATIC because I would like to hide the server's internal address
but have it be reached by an "official" (192.168.1.140) address from
outside.
OK, I know what you think. RTFM - I did so many times and even adding
local.arp (like I did it on a NT-Installation) doesn't help.
Yes, the static route entry is set as well:
firewall:/etc/fw/state # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         192.168.1.131   255.255.255.255 UGH   0      0   0   eth1
192.168.1.140   172.32.0.2      255.255.255.255 UGH   0      0   0   eth0
172.32.0.0      0.0.0.0         255.255.255.252 U     0      0   0   eth0
192.168.1.128   0.0.0.0         255.255.255.240 U     0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
Even a local arp entry on the system didn't help.
What makes me wonder is that if the NAT STATIC for the host is removed at
least the communication from the inside to the outside works.
I'd appreciate any kind of help since I don't know what to do....
Marco Rossi
Libra Software GmbH fon: +49 621 41997 21
Erzberger Strasse 17 fax: +49 621 41997 30
68165 Mannheim http://www.libra.de
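
A consistency check of the routing table quoted above against the addressing drawn in the diagram, as an added example that is not part of the original post. The function name audit and the finding codes are assumptions made for this example; the rows are copied from the post, and the mapping of eth0/eth1 to the two firewall addresses is inferred from the connected routes.

```python
import ipaddress

# Rows copied from the `route` output in the post: (dest, gateway, genmask, flags, iface)
ROUTES = [
    ("0.0.0.0", "192.168.1.131", "255.255.255.255", "UGH", "eth1"),
    ("192.168.1.140", "172.32.0.2", "255.255.255.255", "UGH", "eth0"),
    ("172.32.0.0", "0.0.0.0", "255.255.255.252", "U", "eth0"),
    ("192.168.1.128", "0.0.0.0", "255.255.255.240", "U", "eth1"),
    ("127.0.0.0", "0.0.0.0", "255.0.0.0", "U", "lo"),
]
# Firewall interface addressing as drawn in the diagram (interface names inferred).
INTERFACES = {
    "eth1": ipaddress.ip_interface("192.168.1.130/255.255.255.240"),
    "eth0": ipaddress.ip_interface("172.32.0.1/255.255.255.0"),
}

def audit(routes, interfaces):
    """Return (code, detail) findings; an empty list means table and diagram agree."""
    findings = []
    nets = [(ipaddress.ip_network(f"{d}/{m}", strict=False), gw, fl, ifc)
            for d, gw, m, fl, ifc in routes]
    # 1. A default route is destination 0.0.0.0 with genmask 0.0.0.0 plus a gateway.
    if not any(n.prefixlen == 0 and "G" in fl for n, _, fl, _ in nets):
        findings.append(("no-default-route", "no 0.0.0.0/0 entry with a gateway"))
    for net, gw, fl, ifc in nets:
        if "G" in fl:
            # 2. A gateway must be on-link: inside a connected route on the same interface.
            onlink = [n for n, _, f2, i2 in nets if i2 == ifc and "G" not in f2]
            if not any(ipaddress.ip_address(gw) in n for n in onlink):
                findings.append(("gateway-off-link", f"{gw} via {ifc}"))
        elif ifc in interfaces and net != interfaces[ifc].network:
            # 3. A connected route should carry the netmask configured on the interface.
            findings.append(("mask-mismatch",
                             f"{ifc}: table {net}, diagram {interfaces[ifc].network}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(ROUTES, INTERFACES):
        print(f"{code}: {detail}")
```

The check only compares the quoted table with the diagram; it does not model FireWall-1's NAT rules or its local.arp handling.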