You should set up port address translation with the IP address that you are
using. This way you will be able to use the one IP address for the DMZ and
the DMZ's servers' different IP addresses.
----- Original Message -----
From: "Barcus, Timothy" <[EMAIL PROTECTED]>
To: "'Joe Voisin'" <[EMAIL PROTECTED]>; "FW1 List (E-mail)"
<[EMAIL PROTECTED]>
Sent: Wednesday, August 09, 2000 12:45 PM
Subject: RE: [FW1] FW1's NAT..
>
> Have you made the required ARP and/or routing table changes on the firewall
> system to reflect your translated addresses??
>
> Also, I don't believe you can point an outside hidden address to multiple
> (different) inside addresses. The routing for it just doesn't seem to make
> sense..
>
> -----Original Message-----
> From: Joe Voisin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2000 11:35 AM
> To: FW1 List (E-mail)
> Subject: [FW1] FW1's NAT..
> Importance: High
>
>
>
> I am trying to do NAT on a single IP address, splitting up the services
> between machines in the DMZ... Pretty standard things really...
>
> source    dest      service    source    dest      service
> INT_NET   INT_NET   ANY        ORIG      ORIG      ORIG
> (Don't translate if it's staying internal!)
> MAIL_INT  ANY       ANY        MAIL_EXT  ORIG      ORIG
> (Mail Server going out has to have an address...)
> ANY       MAIL_EXT  SMTP       ORIG      MAIL_INT  ORIG
> (Incoming mail has to get to the Mail Server. SMTP Port)
> ANY       MAIL_EXT  POP3       ORIG      MAIL_INT  ORIG
> (Incoming pop3 requests have to get to the mail server too!)
> ANY       MAIL_EXT  PORT_1212  ORIG      WEB1_INT  ORIG
> (why does this not work?)
> ANY       MAIL_EXT  PORT_2323  ORIG      WEB2_INT  ORIG
> (this one doesn't work either!!!)
>
> When going through the logs, I see a connect on the right port and it seems
> to be allowing the connection, but the web server never seems to respond.
>
> It currently works fine on SMTP and POP3. Internet Exploder is coming back
> with 'Cannot find Server or DNS Error'
>
> If I add a test rule (the test works):
> ANY       MAIL_EXT  PORT_1212  ORIG      MAIL_INT  TELNET
>
> If I change the test to (this doesn't work!):
> ANY       MAIL_EXT  PORT_1212  ORIG      TEST_SERVER  TELNET
> I don't ever get a response from the telnet to port 1212 on the second test.
> I set myself up with an any any rule for this test and it still doesn't
> work.
>
> My question is: will I have to bounce the firewall to make this work? Will
> I have to purge the state tables or re-index the ruleset? I have found that
> there are so many anomalies with checkpoint. I am also looking at upgrading
> to SP2 this weekend.
>
> I have also turned off spoofing protection and everything like that..
> ======================================================================
> Joseph Voisin, Systems Administrator, Engel Canada Inc.
> www.engelmachinery.com | [EMAIL PROTECTED] | (519)836-0220 x436
> PGP Fingerprint: A20B 135D 0920 074F C7FE D72D 88A7 2521 5138 DFC2
> ======================================================================
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================