Jeff,

Why do I need to add an arp entry?? I am using the same ip address as the
external interface of the firewall. I thought arp entries are required only if
one is using other (valid addresses).

Maybe I wasn't clear in my message earlier.

Here is the situation...

                                      e.g. 200.2.3.3               10.0.0.1
Internet ------------------------->      <----FW1-----> Internal Private Network
10.0.0.0 (255.255.255.0)

10.0.0.5 www

10.0.0.10 ftp
ftp 200.2.3.3 should be NAT to 10.0.0.10
and www 200.2.3.3 should be NAT to 10.0.0.5


Thanks,
-Imran Ali

"Leggett, Jeff" wrote:

> You need to setup your firewall to Proxy ARP for the internally NAT'ted
> addresses.  We do this quite extensively actually.
>
> On the Nokia boxes you go into Voyager and add a proxy arp entry under the
> interfaces choice.
> In FW-1 add two objects.  One is the actual internal object with a NAT
> defined on it for the external rule.  Then add an object that is the
> external address as a "placeholder" for the actual rule.
>
> On Sun - I'd have to go look it up.... haven't done inbound NAT there
> (somebody wanna enlighten us?)
>
> On NT - shame on you - get a real box....
>
> Example:
>
> an internal mail server with address 192.168.1.5   its valid external
> address is 200.100.10.10.  named mail1 or something
>
> then a placeholder object with just the address 200.100.10.10  I usually name
> these the same as the first but with a -valid tag (such as mail1-valid).
>
> In a rule say
>
> Any     mail1-valid      ftp, http, smtp (whatever)        target to install
> and logging as you choose
>
> Kapische?  Hope that's clear....
> ---
> Jeff Leggett, CCSA/CCSE, Linux Certified
> Network Security Management Consultant
> Verizon Wireless
> (o)678-339-5440
> (m)678-613-5440
>
> -----Original Message-----
> From: Imran Ali [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 2:21 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] How to setup ftp and htttp w/ FW-1 External Interface
> Only
>
> Does anybody know how to redirect ftp and www  to internal servers with
> only fw-1 external (valid ip) address. I also have internal users that
> need access to http,ftp, and telnet. I have done NAT with internal users
> going out via a NAT hiding translating rule and ftp and www are done
> with static rules. I also have appropriate access rules in fw-1. I can
> see packets entering the fw in the logs but it seems like they are not
> routed (or getting out of the fw).
>
> Thanks in advance
> -Imran Ali
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====


