I have been entirely frustrated trying to get a second proxy ARP NAT rule
working on a FW-1 v 4.0.  I have created a proxy ARP entry (exactly the same as
another, working rule, with a different address of course), accepting a valid
address.  I have created a route (route add "validaddr" "routerinvalidaddr" 1),
and have created a NAT rule as follows:

All_IP  ->  "validaddr"   Hide 0.0.0.0 -> Static "invalidaddr"

All_IP is simply that, a network range from 0.0.0.0 to 223.somethingorother.  The
Hide 0.0.0.0 is, for those who don't know, the
as-far-as-I-can-tell-undocumented "Auto Translate" feature which hides the
connection behind the outgoing interface IP address.

Finally, there is a rule allowing Any to access both "validaddr" and
"invalidaddr" via http.

Connections to the "proxied" IP address result in resets sent back.

There are two log entries.  One accept, as per the rule, incoming on external
interface, looks good.  Then there is a reject, outbound on internal interface,
rule 0, Info: len 44.

I have another of these working, on a high port, without problem.  I am guessing
that the in.ahttpd daemon/listener is causing this ruckus, because everything
else about these rules is identical.

Please help a fellow downtrodden CP customer...

Marc Lueck
GSO Network Security
Reuters


