Hi Gregory,

Did you switch on the spoofing protection on your fw interfaces? If yes,
you have to include the public and private addresses in the number of
allowed addresses on the interface of the segment which is connected to the
web server.

If this is not your problem, it would be nice to see the log-entries.
This is necessary to distinguish routing, or arp problems from
fw-configuration problems.

regards

Heiko



"Gregory, David" wrote:
> 
> Okay here's the situation.
> 
> I have a web server that I am trying to make viewable to the external world.
> I believe that I have performed all the steps necessary for my nat to work.
> I have set up the following rules:
> 
> Security Policy
> any -> NAT web server(public address) -> http -> Accept
> 
> Address translation
>       ORIG.                                           TRANS.
> Any -> NAT web server (public address) -> any         Orig -> NAT web server (priv address) -> orig
> NAT web server (priv address) -> any -> any           NAT web server (public address) -> orig -> orig
> 
> I have also added the static routes on the firewall itself:
> route add host (public address)  (private Address)
> 
> And the Arp statement:
> arp -s (public address)   (MAC of external interface)  pub
> 
> And it is still not working. I can ping the host from the outside however I
> cannot telnet to it on port 80. I have already contacted my ISP and had them
> associate an A-record with the public IP address and the name resolves
> correctly but the web server seems not to respond when trying to pull up
> externally. I can pull the page up internally with its private address just
> fine so I believe that the server is configured correctly. I'm running
> CPFW-1 version 4.0 sp5 on Solaris 2.6. We also have stonebeat 3.0 which
> requires all routes to be added through its GUI interface.
> 
> David K Gregory II   CCSA
> PG&E National Energy Group
> [EMAIL PROTECTED]
> 
> PG&E Generating, PG&E Energy Trading and any other
> company referenced herein that uses the PG&E name or
> logo are not the same company as Pacific Gas and
> Electric Company, the regulated California utility.  Neither
> PG&E Gen, PG&E Energy Trading nor these other
> referenced companies are regulated by the California Public
> Utilities Commission.  Customers of Pacific Gas and Electric Company
> do not have to buy products from these companies in order
> to continue to receive quality regulated services from the utility.
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Dr. Heiko Ploehn                        AM Professional Services GmbH
Tel.: 089-614589 30                     Rotwandweg 5a
Fax.: 089-614589 59                     82024 Taufkirchen
email [EMAIL PROTECTED]
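
The anti-spoofing check suggested in the reply above, sketched as an added example that is not from either poster and is not Check Point configuration syntax. It assumes a simplified model in which each interface has a list of allowed ("valid") addresses; the interface names and all addresses are constructed documentation values.

```python
import copy
import ipaddress

# Constructed sample data: "attached" is the directly connected segment,
# "valid" is the anti-spoofing allowed-address group for that interface.
INTERFACES = {
    "dmz": {"attached": "10.1.1.0/24", "valid": ["10.1.1.0/24"]},
    "lan": {"attached": "10.2.0.0/16", "valid": ["10.2.0.0/16"]},
}
STATIC_NAT = [{"name": "web", "public": "198.51.100.10", "private": "10.1.1.10"}]


def in_group(addr, group):
    """True if addr falls inside any network of the allowed-address group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in group)


def server_interface(private, interfaces):
    """Name of the interface whose attached segment holds the private address."""
    ip = ipaddress.ip_address(private)
    for name, cfg in interfaces.items():
        if ip in ipaddress.ip_network(cfg["attached"]):
            return name
    return None


def audit(nat_rules, interfaces):
    """List (host, interface, problem) for every statically NATed host whose
    public or private address is missing from the server-side allowed group."""
    findings = []
    for rule in nat_rules:
        ifname = server_interface(rule["private"], interfaces)
        if ifname is None:
            findings.append((rule["name"], None, "no interface for private address"))
            continue
        for kind in ("public", "private"):
            if not in_group(rule[kind], interfaces[ifname]["valid"]):
                findings.append((rule["name"], ifname,
                                 f"{kind} address {rule[kind]} not in valid addresses"))
    return findings


def with_valid_address(interfaces, ifname, cidr):
    """Copy of the interface table with cidr added to one allowed group."""
    fixed = copy.deepcopy(interfaces)
    fixed[ifname]["valid"].append(cidr)
    return fixed
```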

