Seems like 192.168.201.x is your "external" network. If this is the case, then what you need is a simple NAT rule with ARP'ing on NT.
 
1) Create your internal host 192.168.202.12, make a NAT rule that static NATs it to external address 192.168.201.12
2) Do a [route add -p 192.168.202.12 192.168.201.12]
3) Your downstream router needs to be able to do a layer 2 lookup on the 192.168.201.12 address (i.e., when it does an ARP on the address, something needs to respond).
For this to happen, you should create a winnt\fw\state\local.arp file and create the following lines
192.168.201.12    <mac address of NIC facing the gateway>
If you use the local.arp method, stop and restart fw service.
 
As an alternative, you can put a static route on the 192.168.201.3 gateway that looks something like:
ip route 192.168.201.12 192.168.201.8
 
The above routing makes sure the router (or whatever 192.168.201.3 is) can find the 192.168.201.12 address, because the host does not really (exist) outside of the firewall.
 
Email me if you get lost.
 
Thomas
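
Why step 3 or the alternative static route is needed, as a small Python model added here (not part of the original e-mail and not Check Point code). The /24 mask and the MAC address are assumptions; the model covers only whether the 192.168.201.3 gateway can hand the packet to the firewall, not the firewall's own routing from step 2.

```python
import ipaddress

# IP addresses come from the thread; the MAC and the /24 mask are assumptions.
FW_EXT_IP = "192.168.201.8"
FW_EXT_MAC = "00:00:5e:00:53:08"                     # constructed placeholder
EXT_NET = ipaddress.ip_network("192.168.201.0/24")   # assumed mask
NAT = {"192.168.201.12": "192.168.202.12"}           # static destination NAT


def arp_owner(ip, local_arp):
    """MAC that answers an ARP request for ip on the external segment."""
    if ip == FW_EXT_IP:
        return FW_EXT_MAC          # the firewall answers for its own address
    return local_arp.get(ip)       # local.arp entries; None means no reply


def gateway_next_hop(dst, static_routes):
    """Next-hop IP the 192.168.201.3 gateway resolves for dst."""
    addr = ipaddress.ip_address(dst)
    for prefix, via in static_routes.items():
        if addr in ipaddress.ip_network(prefix):
            return via             # explicit route wins over on-link ARP
    return dst if addr in EXT_NET else None   # on-link: ARP for dst itself


def deliver(dst, local_arp=None, static_routes=None):
    """Translated destination if the packet reaches the firewall, else None."""
    hop = gateway_next_hop(dst, static_routes or {})
    if hop is None or arp_owner(hop, local_arp or {}) != FW_EXT_MAC:
        return None                # ARP goes unanswered, packet is dropped
    return NAT.get(dst, dst)


if __name__ == "__main__":
    target = "192.168.201.12"
    print("NAT rule only:   ", deliver(target))
    print("with local.arp:  ", deliver(target, local_arp={target: FW_EXT_MAC}))
    print("with static route:",
          deliver(target, static_routes={target + "/32": FW_EXT_IP}))
```
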
-----Original Message-----
From: Nick Stoianov [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 13, 2000 2:53 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] (FW1): REDIRECTING

I want a static NAT for the internal network address because the box 192.168.202.12 is going to be a web-server connected to F5 BigIP.  Actually the whole scheme is:
INTERNET -> BigIP -> Firewall -> web server
----- Original Message -----
Sent: Tuesday, June 13, 2000 11:43 AM
Subject: RE: [FW1] (FW1): REDIRECTING

Do you really need to NAT from 192.168.201.12 to 192.168.202.12, or do you just want to route the packets? I really wonder why you would need to NAT this, if it's internal.
 
Why not explain the functionality you need, and re-post.
If you want the firewall to act as a gateway between networks, then you can simply add a rule to do such, as the firewall already knows how to get to every internal host (assumed).
 
If you really want a static NAT, please post why.
 
Thomas Poole
-----Original Message-----
From: Nick Stoianov [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 13, 2000 2:12 PM
To: [EMAIL PROTECTED]
Subject: [FW1] (FW1): REDIRECTING

Hi,
 
We have a firewall-1 4.1 installed on a WinNT4 with 3 network cards from private networks.
1st card -> 192.168.201.8 and 192.168.201.8 gateway: 192.168.201.3
2nd card -> 192.168.1.33   no gateway
3rd card -> 192.168.202.1 no gateway
 
I want the firewall to redirect all the incoming packets with destination 192.168.201.12 to 192.168.202.12
 
I put a rule in the NAT table:
 
Original Packets                          Translated Packets
SRC    DEST              Service          SRC         DEST              Service
any    192.168.201.12    any              original    192.168.202.12    any

Also I have a NAT rule for the 192.168.202.12 for the outgoing packets and it works. But I want the incoming packets with destination 192.168.201.12 to be redirected to 192.168.202.12
 
Any help will be greatly appreciated
 
 
Nick
 
 
