RE: [FW1] NATed address not on firewall subnet

Mon, 15 Jan 2001 12:33:29 -0800 


I know this works, as it is running here (NT, but Solaris will work as well)

A few thoughts:

- Did you publish an arp entry for the external NAT address (a la arp -s
etc. pub)?
- Did you put a static host route on the firewall to forward the incoming
traffic to your router (a la "route add outsideIP routerIP")?
- Did you define the static NAT in the firewall rulebase for both inbound
and outbound traffic to the server?
- Does the server have a valid route back out to the internet through the
same firewall?

Hope that's a start -

Dan Hitchcock
Network Engineer
425.456.3970
[EMAIL PROTECTED]
Xylo, Inc.
The work/life solution for corporate thought leaders



-----Original Message-----
From: Lawrence Mackley [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 15, 2001 11:34 AM
To: Firewall-1 Mailing List
Subject: [FW1] NATed address not on firewall subnet



I am trying to NAT an internal server that is on a
different subnet than the firewall. In the example
below, is it possible to have the firewall NAT a
server on subnet C to subnet A? 

The problems seems to be that the firewall is not
performing NAT and instead is relying on a routing
entry which cannot be created. Checking the log shows
no XlateDst values for incoming traffic (using SMTP
security server). I have tried both automatic and
manual NAT. FW-1 4.0 SP5, Solaris 2.6.

Internet
   |
(registered subnet A)
   |
Firewall
   |
(unregistered subnet B)
   |
Router
   |
(unregistered subnet C)
   |
Server

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to