First, never send out your public IP addresses across a publicly accessible
mailing list.
The arp address should be
<NAT'd address for client to see> <MAC address of outside interface of the firewall>
Route should be
route add (whatever Unix flavor specific command options here) <NAT'd address for client to see> mask 255.255.255.255 <Actual machine IP address internally> (Unix metric options here)

Not trying to say you don't know how to do it, just look at the specific
info related to the arps and routes.  Do a netstat to see if the correct
route is in there and an arp -a to see all of the arps.  Usually this issue
is a small nit-picky thing that you will look over and over and never see.

-----Original Message-----
From: Randall Kizer [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 6:19 PM
To: Jim Brown; [EMAIL PROTECTED]
Subject: RE: [FW1] Static NAT



We can get from the inside going out, but not outside coming in.

We've opened a rule from a specific outside IP that should have no problem 
coming in.  When we do a traceroute, we can get all the way to the outside 
interface of the firewall, but no further.  When we watch the firewall log, 
there's no entry indicating xlate, deny, permit, or anything.

The arp -s rule we're using (Solaris 2.7) is as follows:

arp -s 159.28.34.223 8:0:20:9a:72:e9 pub

Randall

At 03:07 PM 8/25/00 -0600, Jim Brown wrote:

>Randall, Randall... Details, Details. How did it not work?
>
>-----Original Message-----
>From: Randall Kizer [mailto:[EMAIL PROTECTED]]
>Sent: Friday, August 25, 2000 12:31 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] Static NAT
>
>
>
>Last night I tried to cut-over to 4.1 SP2.  Everything worked great except
>for STATIC NAT.  Hidden NAT worked, the firewall rules worked, everything
>worked except static NAT.  Any suggestions?
>
>Randall
>
>
>
>-
>"As soon as men decide that all
>means are permitted to fight an evil,
>their good becomes indistinguishable
>from the evil they set out to destroy."
>                        --Christopher Dawson
>
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================




-
"As soon as men decide that all
means are permitted to fight an evil,
their good becomes indistinguishable
from the evil they set out to destroy."
                       --Christopher Dawson
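
The checks suggested in the reply at the top of this thread (an `arp -a` entry that maps the NAT'd address to the firewall's outside MAC, and a host route from the NAT'd address to the internal address), as an added example that is not part of the original messages. The function names are hypothetical, and the addresses, MACs and sample command output are constructed; column layouts differ between Unix flavors, and MACs may be printed with or without leading zeros.

```shell
#!/bin/sh
# Added example. Sample output is constructed; real arp/netstat layouts vary
# by Unix flavor, so matching is done on whitespace-separated tokens.

# Pad each octet so 8:0:20:aa:bb:cc and 08:00:20:AA:BB:CC compare equal.
norm_mac() {
  printf '%s\n' "$1" | tr 'A-F' 'a-f' | awk -F: '{
    out = ""
    for (i = 1; i <= NF; i++) {
      o = (length($i) == 1) ? "0" $i : $i
      out = out (i > 1 ? ":" : "") o
    }
    print out
  }'
}

# $1 = `arp -a` output, $2 = NAT'd address, $3 = firewall outside MAC
# returns 0 = match, 1 = no entry for the address, 2 = entry has another MAC
check_arp() {
  found=$(printf '%s\n' "$1" | awk -v ip="$2" '{
    hit = 0
    for (i = 1; i <= NF; i++) if ($i == ip) hit = 1
    if (!hit) next
    for (i = 1; i <= NF; i++)
      if ($i ~ /^[0-9A-Fa-f]+(:[0-9A-Fa-f]+)+$/ && split($i, p, ":") == 6) {
        print $i; exit
      }
  }')
  [ -n "$found" ] || return 1
  [ "$(norm_mac "$found")" = "$(norm_mac "$3")" ] || return 2
}

# $1 = `netstat -rn` output, $2 = NAT'd address, $3 = internal address
# returns 0 = host route present, 1 = no route, 2 = route to another gateway
check_route() {
  gw=$(printf '%s\n' "$1" | awk -v ip="$2" '$1 == ip { print $2; exit }')
  [ -n "$gw" ] || return 1
  [ "$gw" = "$3" ] || return 2
}

# Constructed sample output (documentation addresses, made-up MACs).
ARP_SAMPLE='hme1 203.0.113.10 255.255.255.255 SP 8:0:20:aa:bb:cc
hme1 203.0.113.1 255.255.255.255 0:10:7b:11:22:33'
ROUTE_SAMPLE='203.0.113.10 10.1.1.10 UGH 0 0
default 203.0.113.1 UG 0 12'

check_arp "$ARP_SAMPLE" 203.0.113.10 08:00:20:AA:BB:CC && echo "arp entry ok"
check_route "$ROUTE_SAMPLE" 203.0.113.10 10.1.1.10 && echo "host route ok"
```

On a live firewall, pass the real command output instead of the samples, for example `check_arp "$(arp -a)" <NAT'd address> <outside MAC>`.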


