[FW1] Please Help NAT not working!!!!!

Mon, 12 Jun 2000 09:35:23 -0700 


Okay here's the situation.

I have a web server that I am trying to make viewable to the external world.
I believe that I have performed all the steps necessary for my nat to work.
I have set up the following rules:

Security Policy
any -> NAT web server(public address) -> http -> Accept


Address translation
      ORIG.
TRANS.
Any -> NAT web server (public address) -> any             Orig -> NAT web
server (priv address) -> orig
NAT web server (priv address) -> any -> any                  NAT web server
(public address) -> orig -> orig

I have also added the static routes on the firewall itself:
route add host (public address)  (private Address)

And the Arp statement:
arp -s (public address)   (MAC of external interface)  pub


And it is  still not working. I can ping the host from the outside however I
cannot telnet to it on port 80. I have already contacted my ISP and had them
associate an A-record with the public IP address and the name resolves
correctly but the web server seems not to respond when trying to pull up
externally. I can pull the page up internally with its private address just
fine so I believe that the server is configured correctly. I'm running
CPFW-1 version 4.0 sp5 on Solaris 2.6. We also have stonebeat 3.0 which
requires all routes to be added through its GUI interface. 


David K Gregory II   CCSA 
PG&E National Energy Group
[EMAIL PROTECTED]



PG&E Generating, PG&E Energy Trading and any other
company referenced herein that uses the PG&E name or
logo are not the same company as Pacific Gas and
Electric Company, the regulated California utility.  Neither
PG&E Gen, PG&E Energy Trading nor these other
referenced companies are regulated by the California Public
Utilities Commission.  Customers of Pacific Gas and Electric Company
do not have to buy products from these companies in order
to continue to receive quality regulated services from the utility.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to