Hi All,

I'm having a problem with using Checkpoint SecureClient behind a hide nat OpenBSD ipfilter firewall. I have port 500 udp mapped to the client's port 500, as well as have protocol 50, port 500 and 2746 udp open between the client and the FW1 firewall and firewall management server.

In watching the traffic on both firewalls, what looks like is happening is as follows:

(terminology:
client = SecureClient machine running build 4165, on NT4.0, uses RFC1918 address
homeFW = OpenBSD running ipnat/ipfilter
FW1 = corporate firewall running FW1 v4.1 on Solaris)

client attempts to connect to a machine on the FW1 network to open an ftp session
FW1 allows packets to flow to the internal machine
internal machine attempts to connect to client using RFC1918 address
FW1 attempts to talk to client (appears to use RFC address from FW1 log)
using ipmon log on homeFW, it looks like the firewall initially talks to the RFC1918 address on port 500 udp.
client talks back to the FW1, but it looks like what the firewall sees is the homeFW talking to it from port 14185 to its port 500 (udp).
FW1 then talks to client from port 0, to the client on port 14154 (?) udp. [can't explain this; maybe I missed a packet?]
using fw monitor on FW1, I see the homeFW port 14154 talking to FW1 on port 0, and vice versa.

What I believe is messing things up is that while the FW1 can talk directly to the client on port 500 udp, when the client responds, it is (naturally) being masked (by design, hide nat) as the homeFW, but while the client talks from port 500 udp, it ends up being portmapped by ipfilter/ipnat to a random port (14154, 14185?) and attempting to talk to FW1 on port 500.

Is this what is messing things up? Is there some way to get ipnat/ipfilter to port map udp 500 _both ways_ to the client? I've tried various incantations of 'map', 'rdr' etc. in the ipnat rules but to no avail. Either it doesn't compile, or it doesn't work.

Any suggestions?

ht.
--
Howard Tencer, CCSE
Networks and Security
150 York St., Suite 700
Spectra Securities Software
Toronto, ON. M5H 3S5
[EMAIL PROTECTED]
(416) 368 7979
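One way to express the fixed-port, both-directions mapping the question asks for, as an added ipnat.conf example (not the poster's rules, and not verified against his setup): the external interface `ne0`, the client address 192.168.1.10 and the FW1 address 203.0.113.1 are assumed placeholders.

```text
# Added example ipnat.conf fragment for homeFW (assumed values: ne0 is the
# outside interface, 192.168.1.10 is the SecureClient host, 203.0.113.1 is FW1).
# ipnat evaluates map/rdr rules first-match, so the IKE-specific rules must
# come before the general hide-nat rule or they never fire.

# Problem rule (the usual hide nat): the portmap clause rewrites the source
# port of every UDP flow, so the client's IKE from port 500 leaves homeFW from
# a random port such as 14185 or 14154, which is what FW1 sees.
#   map ne0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000

# Fix, outbound: translate only the address for the client host.  Without a
# portmap clause ipnat leaves the source port alone, so IKE (udp 500) and
# FW1 UDP encapsulation (udp 2746) arrive at FW1 from the same ports the
# client used.  Being a /32 rule it must precede the /24 rule below.
map ne0 192.168.1.10/32 -> 0/32

# Fix, inbound: FW1 initiates IKE to homeFW's outside address on udp 500
# (and encapsulated traffic on udp 2746); hand both straight to the client.
rdr ne0 0/0 port 500 -> 192.168.1.10 port 500 udp
rdr ne0 0/0 port 2746 -> 192.168.1.10 port 2746 udp

# Everything else on the LAN keeps the ordinary hide nat with port mapping.
map ne0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
```

Since the rdr rules accept those ports from any source, the matching ipf.conf pass rules should still limit inbound udp 500 and 2746 on ne0 to the FW1 address; only one client behind homeFW can hold the fixed-port mapping this way.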
