[FW1] NATing

Wed, 28 Jun 2000 09:00:37 -0700 


Hi, 

Ignore my previous message I just used it for the email address.


Our class C address is subnet as follows, subnet 0 is not used, subnet 1 is
the DMZ, subnet 2 is used for NATing internal users on a 10.x.x.x network to
legal addresses, and subnet 3 is dirty side of the firewall. 

0       x.x.x.1  -  x.x.x.62            Not Used
1       x.x.x.65  -  x.x.x.126          DMZ
2       x.x.x.129  -  x.x.x.190         NATed address range used for
internal PCs
3       x.x.x.193  -  x.x.x.254         Dirty side of firewall

Which subnet is used for NATing external addresses to internal hosts? I have
tried using subnet 2 range; the firewall logs :-

external ip address     legal external address of host          telnet
accept on rule 800
external ip address     illegal internal address of host
telnet          accept on rule 800
legal external address
 of host                        external ip address
telnet          drop on rule 0

First I thought I was not getting a connection because of spoofing I turned
spoofing off (or I thought I did) but it made not a jot of different. I have
no problem on the internal pcs going out to the internet. Just coming the
other way from the internet to internal net.

Anybody any pointers? Had a look at phoneboy tried messing with local.arp

Cheers Gary
*******************************************************************************************************
Any opinions expressed in the email are those of the individual and not necessarily the
City Of Salford. This email and any files transmitted with it are confidential and
solely for the use of the intended recipient.
It may contain material protected by solicitor-client privilege. If you are not the
intended recipient or the person responsible for delivering to the intended recipient, 
be advised that you have received this email in error and that any use is strictly 
prohibited. If you have received this email in error please notify the IT manager by
telephone on +44 (0) 1617933906.
 
********************************************************************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to