$FWDIR/state/local.arp is the file that specifies the proxy arps. You
should not need to mess with any physical adapter setting on the firewall.
The config should look like:
<external_ip> <external mac of firewall>
where the external IP is an unused IP on the outside that you are statically
mapping to a host on the other side of the firewall.
-Warren.
-----Original Message-----
From: Dan Hitchcock [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 01, 2000 1:54 PM
To: 'Travis Guinn'; 'Tim Huxel'; fw-1
Subject: RE: [FW1] NAT
Sorry to re-beat the much-beaten proxy arp horse, but I need a quick
clarification:
When using the proxy arp method on NT with FW-1, do you need to bind the
address to the adapter using Advanced TCP/IP properties in the Network
control panel? Or is the proxy.arp sufficient to generate the binding?
TIA -
Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
425.456.3970
The work/life solution for corporate thought leaders
-----Original Message-----
From: Travis Guinn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 01, 2000 8:38 AM
To: 'Tim Huxel'; fw-1
Subject: RE: [FW1] NAT
NAT 5 Step Rule
1. Add external address and external NIC MAC address in format
208.203.162.55 00-00-00-00-00-00
2. Add route from external address to internal address in form of
route add 208.203.162.55 192.168.100.5 -p (Except for Hiding addresses)
3. Add NAT rule to the rule base. This can be done using automagic or
manual, but manual requires the creation of two objects, one int and one ext
if doing static, and to do hiding you must use a range object.
4. Add the EXTERNAL object to the valid addresses group object on the
INTERNAL interface of the firewall object under spoofing. If you are doing
auto NAT add the internal object to the valid addresses.
5. Add a security rule to allow traffic to/from the address.
Travis Guinn MCSE/CCSE/CCA/A+
Data Transit, Intl - Dallas
1999 #1 Citrix Integrator Nationwide
v(972) 458-8384 f(972) 455-0557
-----Original Message-----
From: Tim Huxel [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 01, 2000 9:49 AM
To: fw-1
Subject: [FW1] NAT
I can't get NAT to work on NT.
Here is what I have done.
1) On the firewall I created the local.arp
file on the firewall. (translated_address external_macaddress)
2) Edited the fwscript route add external_address internal_address -p
3) Created workstation object internal_address with NAT add automatic
translation rules. Method hide. Hiding address an address on the external
network's subnet. Install On all
4) Created security policy any any any accept. Just for testing purposes.
5) Added static route from translated_address to internal_address.
When I trace route to the external_address I can only get to the
internal_address. I can ping the external_address.
I'm sure that I missed something. I've tried several routes and
configurations but, still no NAT.
TIA
Tim
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
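A consistency check for steps 1 and 2 of the procedure discussed in this thread, as an added example that is not part of the original messages: it parses local.arp content in the `<external_ip> <external mac>` form, confirms every entry points at the firewall's external MAC, and confirms every non-hiding address has a matching route. The function names, the `routes` mapping, the sample MAC and the acceptance of colon-separated MACs are assumptions made for the example.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")

def norm_mac(mac):
    """Lower-case a MAC and normalise separators so entries compare equal."""
    return mac.lower().replace(":", "-")

def check_local_arp(text, fw_external_mac, routes, hide_ips=()):
    """Return a list of findings for local.arp content.

    routes   -- {external_ip: internal_ip} taken from the 'route add' lines
    hide_ips -- hiding addresses, which need no route (step 2 exception)
    """
    findings, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            findings.append(f"line {n}: expected '<ip> <mac>', got {len(fields)} fields")
            continue
        ip, mac = fields
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append(f"line {n}: invalid IPv4 address {ip}")
            continue
        if not MAC_RE.match(mac):
            findings.append(f"line {n}: malformed MAC {mac}")
        elif norm_mac(mac) != norm_mac(fw_external_mac):
            findings.append(f"line {n}: {ip} maps to {mac}, not the external NIC")
        if ip in seen:
            findings.append(f"line {n}: duplicate entry for {ip}")
        seen.add(ip)
        if ip not in routes and ip not in hide_ips:
            findings.append(f"line {n}: no route from {ip} to an internal host")
    return findings

# Constructed sample: the IPs extend the 208.203.162.55 example from the thread;
# the MAC 00-A0-C9-11-22-33 is invented for this example.
SAMPLE = """208.203.162.55 00-A0-C9-11-22-33
208.203.162.56 00-00-00-00-00-00
208.203.162.57 00-A0-C9-11-22-33
"""
ROUTES = {"208.203.162.55": "192.168.100.5"}

if __name__ == "__main__":
    for f in check_local_arp(SAMPLE, "00-a0-c9-11-22-33", ROUTES, hide_ips={"208.203.162.57"}):
        print(f)
```

On the sample, only the second entry is reported: it still carries the all-zero placeholder MAC and has no route to an internal host.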