[FW1] fwxlconf not un-NAT'ing addresses

Tue, 28 Nov 2000 11:30:27 -0800 


I'm having some trouble trying to un-NAT some addresses on 
FW-1 4.0 Solaris using fwxlconf.

The addresses in question are:

  10.10.30.65
  10.10.100.34
  10.10.100.35

Those addresses were getting translated before.  Now, I'd like
for them to stay as is without xlation.

Here's what my xlate.conf looks like (with bogus IP's):

fwx_translation={
   <0, 10.10.102.2, 10.10.102.254, FWXT_DST_STATIC, 172.16.37.2, 0>,
   <1, 10.10.103.2, 10.10.103.254, FWXT_DST_STATIC, 172.16.38.2, 0>,
   <2, 172.16.37.2, 172.16.37.254, FWXT_SRC_STATIC, 10.10.102.2, 0>,
   <3, 172.16.38.2, 172.16.38.254, FWXT_SRC_STATIC, 10.10.103.2, 0>,
   <4, 10.10.30.65, 10.10.30.65, FWXT_SRC_STATIC, 10.10.30.65, 0>,
   <5, 10.10.100.34, 10.10.100.34, FWXT_SRC_STATIC, 10.10.100.34, 0>,
   <6, 10.10.100.35, 10.10.100.35, FWXT_SRC_STATIC, 10.10.100.35, 0>,
   <7, 10.10.2.0, 10.10.9.32, FWXT_HIDE, 10.10.11.11, 0>,
   <8, 10.10.9.34, 10.10.11.10, FWXT_HIDE, 10.10.11.11, 0>,
   <9, 10.10.11.12, 10.10.30.4, FWXT_HIDE, 10.10.11.11, 0>,
   <10, 10.10.30.6, 10.10.30.8, FWXT_HIDE, 10.10.11.11, 0>,
   <11, 10.10.30.10, 10.10.30.19, FWXT_HIDE, 10.10.11.11, 0>,
   <12, 10.10.30.21, 10.10.30.54, FWXT_HIDE, 10.10.11.11, 0>,
   <13, 10.10.30.56, 10.10.30.56, FWXT_HIDE, 10.10.11.11, 0>,
   <14, 10.10.30.58, 10.10.30.70, FWXT_HIDE, 10.10.11.11, 0>,
   <15, 10.10.30.72, 10.10.30.129, FWXT_HIDE, 10.10.11.11, 0>,
   <16, 10.10.30.130, 10.10.30.130, FWXT_HIDE, 10.10.9.50, 0>,
   <17, 10.10.30.131, 10.10.101.255, FWXT_HIDE, 10.10.11.11, 0>,
   <18, 10.10.105.3, 10.10.148.255, FWXT_HIDE, 10.10.11.11, 0>
};     

The old xlate.conf was identical, minus #'s 4, 5 and 6.
I've also tried punching holes in the ranges to exclude the 3 addresses
above, rather than using the SRC_STATIC, but that didn't work either.

After making the changes, I've fwstop'd and fwstart'd and even 
rebooted the firewall, but no deal.  They still get NAT'd to
10.10.11.11.

I've never had this much trouble before.  Anyone have any ideas
as to what I might be missing?

-----
Kirk M. Vogelsang <[EMAIL PROTECTED]>
Northeastern University College of Computer Science



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to