RE: [FW1] Hiding multiple servers behind 1 IP address

Thu, 05 Oct 2000 18:39:07 -0700 


Hide mode only allows access out. You cannot initiate a connection outside
the firewall to an internal host when using Hide NAT. 
The user is looking for the firewall to forward packets to a defined server
when destined for the same address, and deciding that address by looking at
the destination port number.

Not a good solution.

Thomas Poole

-----Original Message-----
From: Jason Witty [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 05, 2000 1:28 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] Hiding multiple servers behind 1 IP address



It's called hide-mode NAT in FW-1.  An example NAT rule would look like
this (obviously you need an access rule as well):

ORIGINAL PACKET                 NATted PACKET
SOURCE          DEST            SOURCE          DEST
internal-net    ANY             hide-addr       ORIG

Hope this helps.

Jason

Todd Ginther wrote:
> 
> Hello All,
> 
> I haven't seen a FW-1 solution to something that I currently do with
another firewall product - that is to be able to advertise a single IP out
to the world (firewall external interface) and have the firewall direct
inbound Internet traffic to different internal servers based soley on which
port the firewall gets hit on.
> 
> Example:
> 
>   -Advertised IP address is abc.123.123.1
> 
>   -Traffic hits abc.123.123.1:18000 gets redirected
>    to an internal server, machine alpha.
> 
>   -Traffic hits abc.123.123.1:19500 gets redirected
>    to a different internal server, machine beta.
> 
> Any ideas?  I would prefer not to have to use up a bunch of IP's to do
one-to-one NAT.
> 
> Thanks in advance, all!
> 
> Regards,
> 
> -Todd
> 
> _____________________________________________________________
> Want a new web-based email account ? ---> http://www.firstlinux.net
> 
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to