RE: [FW1] FW-1 Setup

Tue, 24 Oct 2000 02:13:18 -0700 


Ben,

You have to use the external int of the Firewall for the arp entries as it
will respond to the internet on behalf of the NAT'd machine. You also need
the static route pointing to the inside. Routing is done before the NAT so
you have to point the External address to the inside (real address).
As for the IP ranges, I presume these are just plucked out of the air for
examples, the reason I hope this is the case as the IP range specified would
overlap both sides of the firewall, you could have for example 10.10.10.1-30
outside and 10.10.10.33-62 inside.
Also, you will need to put the arp entry in the local.arp file. You cannot
make static arp entries persist across reboots on NT.

Hope this help to clear things up.

Russell Goodwin

-----Original Message-----
From: Ben Cuthbert [mailto:[EMAIL PROTECTED]]
Sent: 23 October 2000 22:24
To: Firewall Mailing List
Subject: [FW1] FW-1 Setup 



Hi all 

could some tell me if this firewall setup would work 

i have a range of ip address lets say 

10.10.10.40  to 10.10.10.70

my router that is by my provider is 10.10.10.39

my firewall has 2 interfaces

on that faces the router 10.10.10.40
and on that faces local net 10.10.10.41

now my windows machine on the internal network is 10.10.10.45
and what i was trying to do is disable the arp requests on the firewall 
and add then statically , 

so i would give my windows machine something like this

arp -s 10.10.10.45 and then mac address of the internal interface of the
firewall

if it did this would it work 

bec i am have problems trying to get this setup to work


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to