In Linux it's the same as in Solaris.
Static NAT you can set it in object properties. Than you have to add arp
entry for valid address on external interface (for example /sbin/arp -i eth0
-f /etc/fw/conf/nat_arp.txt, in nat_arp.txt each line contains
<valid_IP> <HW_ADDR_ext_Interface> pub
193.121.14.8 00:60:97:20:FE:6D pub). Last but not least you have to set host
base route
/sbin/route add -host 193.121.14.8 gw 192.168.1.3
Hiden NAT should be easy, but it didn't work in my lab. You have to only add
arp entry for valid address on external interface. It worked only when I
NATed everything to one IP address (this address had to be IP address of
external interface). I found work around. I'm setting aliases (eth0:0 ,
eth0:1, ....) on external interfaces and it works OK and I hadn'n set arp.
Of course everything is in fwboot script.
I hope it help
Tom
-----Original Message-----
From: Arnvid Karstad [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 08, 2000 11:12 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Linux/Firewall-1 and NAT.
Hiya,
On NT and Solaris the task of using NAT to translate an external/offical
ip to an internal for usage on DMZ services like Web servers etc are
easy. On Linux it seems not. Anyone know where one can find information
about how to do this on Linux /Firewall-1?
Regards,
Arnvid Karstad
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
