Re: [FW1] External Network and NAT

Tue, 11 Jul 2000 14:32:57 -0700 


John,

Adding another NIC shouldn't be so difficult. What does
your routing table look like? Do you have multiple 
default routes? What does your ARP table look like?
Did you change your external IP from 208.x.x.x to
209.x.x.x?

What do your NAT rules look like now?

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> John Dorsch <[EMAIL PROTECTED]> 7/4/00 4:44:36 PM >>>
>
>Hello List,
>
>I have inherited FW1 4.0 on NT4.0 SP5. The version we have is the single
>gateway version. From monitoring the list and reading the manuals, we have a
>common type of configuration, that is:
>
>1. A connection to the internet through an external router 208.x.x.x
>2. A connection to a DMZ        192.x.x.x  Static NAT
>3. An internal Network              100.x.x.x  Hidden
>
>NAT and everything works OK. No complaints.
>
>Until....
>I have to integrate a 4th network ( 209.x.x.x) through the firewall . I need
>to NAT (Static) from 209.x.x.x to the DMZ addresses 192.x.x.x (Web servers.)
>I have:
>1. Enabled a 4th NIC on the Firewall
>2. Assigned it an IP address on the 209.x.x.x Network
>3. Configured the routing table on the NT/FW1 Box with   External IP -  MASK
>- Internal IP
>4. Configured static routes on the router on 209.x.x.x.
>5. Configured Static NAT rules.
>6. Configured local.arp for another interface
>
>The problem is that I cannot acheive a static translation to the DMZ from
>the 209.x.x.x network.
>
>The advice I have received is that adding an another interface to FW1 is
>tricky and that a re-install is needed.
>Am I wasting my time doing this with the single gateway version? Or is there
>a way to do this legally without upgrading to the enterprise version. Or am
>I missing something in my configuration? Any advice on this would be of
>great help.
>
>Thanks,
>
>John Dorsch
>PMB Inc.
>[EMAIL PROTECTED] 




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to