Uh...you _may_ kick yourself... You do know that Gauntlet is an application level gateway, right? What this means in practice is that no connections normally ever go _through_ the firewall, thus obviating the need for NAT in almost all cases. In other words - the proxies all talk to the outside world using the IP address of the firewall. The firewall talks to internal hosts using it's internal IP. Internal hosts do not normally talk to the outside world. If you're actually trying to get the outside world to access a server that is running some kind of custom service the idiomatic way to do that with Gauntlet is to use a plug proxy. If you _actually_ want to use NAT, having heard all that, then all I can say is - I had a hard time getting it to work as well. I don't recall doing anything "of substance" except reinstalling the product. (Not that I have ever found a valid reason to use NAT in production.) Oh, BTW: Your comment about the manual being 'vague'? You must have a version with a good manual. The 5.5 manual for the NT product is downright _inaccurate_. ;) Cheers, -- Ben Nagy Network Consultant, Volante Solutions PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520 -----Original Message----- From: Jim Kearney [mailto:[EMAIL PROTECTED]] Sent: Saturday, 21 October 2000 5:54 AM To: [EMAIL PROTECTED] Subject: NAT I am evaluating gauntlet and am trying to get internet access to a server using NAT. Here is what I have done. I added a NAT entry with 10.10.10.50 and 255.255.255.255 in the local addresses section. I entered w.x.y.z (Actual value withheld for privacy) 255.255.255.255 in the global addresses section. I have it set to EXTERNAL interface sees global address, NAT is selected (opposed to INAT) and STATIC is selected (opposed to Dynamic). I made sure that the "UNTRUSTED" policy is accepting the protocol I want to use, and I have entered a packet filter for the protocol (FTP). I have turned ON NAT for the external interface on the interfaces tab. I have configured the server to use the firewall as the default gateway. What else do I have to do to get this to work, the manual is very vague on this subject. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
