You need to set up your firewall to Proxy ARP for the internally NAT'ted
addresses.  We do this quite extensively actually.

On the Nokia boxes you go into Voyager and add a proxy arp entry under the
interfaces choice.
In FW-1 add two objects.  One is the actual internal object with a NAT
defined on it for the external rule.  Then add an object that is the
external address as a "placeholder" for the actual rule.

On Sun - I'd have to go look it up.... haven't done inbound NAT there
(somebody wanna enlighten us?)

On NT - shame on you - get a real box....

Example:

an internal mail server with address 192.168.1.5; its valid external
address is 200.100.10.10.  named mail1 or something

then a placeholder object with just the address 200.100.10.10.  I usually name
these the same as the first but with a -valid tag (such as mail1-valid).

In a rule say 

Any     mail1-valid      ftp, http, smtp (whatever)        target to install
and logging as you choose


Kapische?  Hope that's clear....
---
Jeff Leggett, CCSA/CCSE, Linux Certified
Network Security Management Consultant
Verizon Wireless
(o)678-339-5440
(m)678-613-5440



-----Original Message-----
From: Imran Ali [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 2:21 PM
To: [EMAIL PROTECTED]
Subject: [FW1] How to setup ftp and htttp w/ FW-1 External Interface
Only



Does anybody know how to redirect ftp and www to internal servers with
only fw-1 external (valid ip) address? I also have internal users that
need access to http, ftp, and telnet. I have done NAT with internal users
going out via a NAT hiding translating rule and ftp and www are done
with static rules. I also have appropriate access rules in fw-1. I can
see packets entering the fw in the logs but it seems like they are not
routed (or getting out of the fw).

Thanks in advance
-Imran Ali



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
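
An added example, not part of the original thread and not Check Point or Nokia code: a Python audit that checks each inbound static NAT for the proxy ARP entry and the placeholder object described in the reply, and flags proxy ARP entries left behind with no NAT. The function name, data layout, interface address, www1 and 200.100.10.99 are assumptions; only the mail1 addresses come from the thread.

```python
import ipaddress

def audit_static_nat(ext_if, static_nat, proxy_arp, objects):
    """Check each inbound static NAT for the two pieces the reply describes.

    ext_if     -- firewall external interface, e.g. "200.100.10.1/24"
    static_nat -- {internal address: valid external address}
    proxy_arp  -- set of addresses the firewall answers ARP for
    objects    -- {object name: address} from the rule base
    Returns a sorted list of (address, problem) tuples.
    """
    iface = ipaddress.ip_interface(ext_if)
    object_addrs = set(objects.values())
    findings = []
    for internal, external in static_nat.items():
        ext = ipaddress.ip_address(external)
        # The upstream router ARPs only for addresses on the shared subnet;
        # the firewall's own address needs no proxy entry.
        if ext in iface.network and ext != iface.ip and external not in proxy_arp:
            findings.append((external, "no proxy ARP entry"))
        if external not in object_addrs:
            findings.append((external, "no placeholder object"))
        if internal not in object_addrs:
            findings.append((internal, "no internal object"))
    # A proxy ARP entry with no NAT behind it makes the firewall claim an
    # address it does not translate.
    for addr in proxy_arp - set(static_nat.values()):
        findings.append((addr, "proxy ARP entry without static NAT"))
    return sorted(findings)

# Constructed sample: mail1 uses the thread's addresses; the interface
# address, www1 and 200.100.10.99 are made up for illustration.
EXT_IF = "200.100.10.1/24"
STATIC_NAT = {"192.168.1.5": "200.100.10.10", "192.168.1.6": "200.100.10.11"}
PROXY_ARP = {"200.100.10.10", "200.100.10.99"}
OBJECTS = {"mail1": "192.168.1.5", "mail1-valid": "200.100.10.10",
           "www1": "192.168.1.6"}

if __name__ == "__main__":
    for addr, problem in audit_static_nat(EXT_IF, STATIC_NAT, PROXY_ARP, OBJECTS):
        print(f"{addr}: {problem}")
```
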

