Re: [FW1] NAT and DMZ routing

[Carl E. Mankinen]

Title: NAT and DMZ routing

You have to create an entry in local.arp for the outside IP address of the webserver and the MAC of your outside interface. You then need to create a static route entry for that IP to the IP of the firewall-1 interface on your DMZ leg. You then need to define a static NAT translation rule to change IP of webserver to the DMZ/outside IP depending on direction of traffic.   You can do the same for inside leg if you want your bastion accessible from your localnets. ----- Original Message ----- From: Rob Michayluk To: [EMAIL PROTECTED] Sent: Friday, September 22, 2000 2:52 PM Subject: [FW1] NAT and DMZ routing Hi there, I am having a problem with the DMZ setup that I am trying to implement and I hope to borrow some of everyone's expertise to help me solve this. I have a FW-1 4.1 sp2 running on a Winnt 4.0 sp5 box. It has 3 interfaces: External: Routable Address Internal: 192.168.0.1 (255.255.255.0) (Hide NAT to the external address of the firewall) DMZ: 172.16.0.1 (255.255.0.0) I have a web server in the DMZ (172.16.0.5) and it's NATed to a static routable address. I can hit the web server from both the firewall itself and the internal network but I cannot access it from the internet. The ruleset is any any any accept and I don't see any drops or rejects in the logs at all. I've turned on every scrap of logging I could find. I've created an entry in the local.arp file (translated address to external MAC of the firewall) and added a persistent static route from the translated address to the internal address for the web server. Is there something that I'm totally missing? All help is greatly appreciated! Rob Michayluk Computing Network Services ACD Systems Ltd. [EMAIL PROTECTED]