Peter,
Your setup seems straight forward on the face of it! You have a number of systems on a DMZ (or PSN if you like) are they presently on a private range? If so, as you say you simply need to have: (assuming you are using the GBADMIN interface) 1. In the NAT section\Aliases, set an alias for each of external addresses you want to use. 2. In the Inbound Tunnels section, you can either map an external address and port to an internal address and port and automatically accept the filters or map an external to internal address and use a filter in the FILTERS section to limit or allow the traffic as needed. Be careful of the Hide Source - it caught me out when I was testing some things in the early days! I have no idea if you have tried this, but if you could just use a single address and a spare PC you could experiment quite nicely! Unfortunately (as of in 15 minutes) I am away for the rest of today, but if you are still struggling tomorrow, I will try to assist, some of the other guys in the forum are really helpful, and I am sure will take you forward. Best Regards, Steve Leach Network Manager Mi-Int Limited Eaglescliffe Logistics Centre Durham Lane Egglescliffe URL: http://www.askalix.com TEL: 01642 356205 e-mail: [EMAIL PROTECTED] ----- Original Message ----- From: "Peter Martin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 27, 2002 1:04 PM Subject: [gb-users] GB1000- and PSN > Hi all, > > I currently run a standard linux packet filtering firewall and have > purchased a GB1000 to replace this, I'm having trouble getting requests > forwarded to the addresses in the PSN (DMZ) I can route to the PSN interface > from the internet but no further in? > > I have a setup as below, and I'm just trying to replicate this at present > and setup mobile VPN clients to attach from home, I'll make fancy changes > later. > > Internet 65/252 > Cisco Router Serial 66/252 > two address subnet pair > > Cisco Router Ethernet 69/252 > GB external 70/252 > two address subnet pair > route 72/248 to 73 > > GBPSN 73/248 > WWW server 75/248 > mail server 75/248 > > What I seem to be seeing from the manual is that I'll have to alias the > current DMZ addresses onto the PSN interface and then tunnel and filter > these to new 'private' addresses assigned to kit in the PSN. > > Any help would be appreciated as I have to have this thing + VPN working by > Thurs night! bosses deadline! > > Peter Martin > IT Operations Manager > Initial Electronic Security > t. (44) 01254 291413 > f. (44) 01254 267549 > e. [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
