The IP addresses I used were bogus (at for my organization).
At 11:36 AM 8/26/00 -0400, Tim Cullen wrote:
>First, never send out your public IP addresses across a publicly accessible
>mailing list.
>The arp address should be
><NAT'd address for client to see> <MAC address of outside interface of the
>firewall>
>Route should be
>route add (what ever Unix flavor specific command options here) <NAT'd
>address for client to see> mask 255.255.255.255 <Actual machine IP address
>internally> (Unix metric options here)
>
>Not trying to say you don't know how to do it, just look at the specific
>info related to the arps and routes. Do a netstat to see if the correct
>route is in there and an arp -a to see all of the arps. Usually this issue
>is a small nit-picky thing that you will look over and over and never see.
>
>-----Original Message-----
>From: Randall Kizer [mailto:[EMAIL PROTECTED]]
>Sent: Friday, August 25, 2000 6:19 PM
>To: Jim Brown; [EMAIL PROTECTED]
>Subject: RE: [FW1] Static NAT
>
>
>
>We can get from the inside going out, but not outside coming in.
>
>We've opened a rule from a specific outside IP that should have no problem
>coming in. When we do a traceroute, we can get all the way to the outside
>interface of the firewall, but no further. When we watch the firewall log,
>there's no entry indicating xlate, deny, permit, or anything.
>
>The arp -s rule we're using (Solaris 2.7) is as follows:
>
>arp -s 159.28.34.223 8:0:20:9a:72:e9 pub
>
>Randall
>
>At 03:07 PM 8/25/00 -0600, Jim Brown wrote:
>
> >Randall, Randall... Details, Details. How did it not work?
> >
> >-----Original Message-----
> >From: Randall Kizer [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, August 25, 2000 12:31 PM
> >To: [EMAIL PROTECTED]
> >Subject: [FW1] Static NAT
> >
> >
> >
> >Last night I tried to cut-over to 4.1 SP2. Everything worked great except
> >for STATIC NAT. Hidden NAT worked, the firewall rules worked, everything
> >worked except static NAT. Any suggestions?
> >
> >Randall
> >
> >
> >
> >-
> >"As soon as men decide that all
> >means are permitted to fight an evil,
> >their good becomes indistinguishable
> >from the evil they set out to destroy."
> > --Christopher Dawson
> >
> >
> >
> >===========================================================================
>=
> >====
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> >===========================================================================
>=
> >====
> >
> >
> >===========================================================================
>=====
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> >===========================================================================
>=====
> >
>
>
>
>
>-
>"As soon as men decide that all
>means are permitted to fight an evil,
>their good becomes indistinguishable
>from the evil they set out to destroy."
> --Christopher Dawson
>
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
-
"As soon as men decide that all
means are permitted to fight an evil,
their good becomes indistinguishable
from the evil they set out to destroy."
--Christopher Dawson
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
