----- Original Message -----
From: "Joerg Oertel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 02, 2000 12:30 AM
Subject: RE: [FW1] Advanced Misuse Configuration Guide :-)
>
> On Wed, 31 May 2000 11:47:12 -0500, Michael Lea wrote:
>
> [snip]
> >It may be useful to use your favorite network sniffing program
> >to watch the traffic on both mail servers and your client machine as
> >well.
>
> That's what I did. I can see the packets on the DMZ instead of the
> external segment.
>
> My theory is that FW-1 first looks for the route, then sends the
> packet to the appropriate interface, then translates the address. Of
> course, the addressee can't answer the packets...
>
Actually, the order of the events is platform dependent and it is the OS
that is responsible for the routing of the packet.
> Is there a way to have NAT done on the inbound interface? That would
> solve this problem.
It is more accurate to state that NAT is one of the last things that FW-1
will do rather than stating that it occurs on the outbound interface. I know
that we have stated that NAT occurs on the outbound interface before, but
that is not what is happening on all platforms FW-1 runs on.
Unfortunately, since this thread does not include all responses, it is not
easy to determine what was suggested and what does and does not work.
Going back to Joerg's original email, I see that he wants to use Static NAT
to translate the valid, external IP address associated with this site's MX
record to the invalid, internal IP address assigned to the SMTP server, which
has been relocated behind the firewall.
But, I only see the FWXT_DST_STATIC rule. What about the FWXT_SRC_STATIC
rule? What has been done to enable the SMTP server to have its packets
translated back to the valid, external IP address?
--- Jerald Josephs
>
> Anyhow, thanks a lot to all who responded.
>
> Ciao,
>
> Joerg
>
>
>
> // pallas GmbH ............ Joerg Oertel ...........
> Hermuelheimer Str. 10 System engineer
> D-50321 Bruehl, Germany [EMAIL PROTECTED]
> phone +49-(0)2232-1896-0
> http://www.pallas.de fax +49-(0)2232-1896-29
> ........................................................
>
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================