This is the way to do NAT, so nothing crude about it...
- from external router, route legal IPs to the fw's outside
- create the object on the fw, define the legal and illegal addresses
- add a route on the fw: route add <legal ip> <illegal ip>
corne
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Guinn
> Sent: Thursday, February 15, 2001 7:03 PM
> To: Fw-1-Mailinglist
> Subject: RE: [FW1] single static IP for NAT
>
>
>
> I have had the same problems as well...
>
> as a work-around, I put a static route in on my router to the
> firewall for the addresses to be natted, and a static route on the
> firewall routing the external statics to the appropriate internal
> address. Kinda crude, but it works.
>
> Dan Guinn
> NetStar Communications
>
> -----Original Message-----
> From: Michael Wozniak [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 15, 2001 11:21 AM
> To: Fw-1-Mailinglist
> Subject: RE: [FW1] single static IP for NAT
>
>
>
>
> Kai, I assume by your .sig, you are running FW-1 on Linux. I am
> having the same problem and Checkpoint has been unable to help me so
> far (I have 9 10/100 interfaces and various reserved and non-reserved
> subnets with assorted types of NAT in all directions but I can't even
> get Static NAT to work with just 2 interfaces.) I am attempting to
> install on NT as an interim measure.
>
> Can anyone suggest a configuration of Linux that FW-1 works with?
>
> Mike
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Kai Kretschmann
> > Sent: Thursday, February 15, 2001 00:26
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] single static IP for NAT
> >
> >
> >
> > Once more and more detailed question:
> > I reduced my rules to the bare needed ones. I have a rule for
> > incoming http which I permit to an internal host which has a
> > private IP.
> >
> > It is static NATed to the firewall's external interface. I can see
> > the accepted packets in the log and they even get translated from
> > the old destination (the firewall) to the new one (the internal
> > host). I can see via snoop on the external i/f the incoming request
> > but I don't see anything going out of the firewall again via snoop
> > on the internal device.
> >
> > Is there anything I missed with routing, arp etc? I don't think it
> > should be needed, as the two interfaces on the firewall are well
> > known to Solaris, the servers can be pinged happily.
> >
> > I really need a detailed example of a working very simple net, one
> > real IP, a private local net and one service (http) allowed to come
> > in. Please, :-)
> >
> >
> > --
> > "The software said it requires Windows 95 or better, so I installed Linux"
> >
> > M.I.T newmedia Tel. 06172-7100-139
> > Am Zollstock 1 FAX 06172-7100-10
> > D- 61381 Friedrichsdorf
> >
> >
> >
> > ==================================================================
> > ==============
> > To unsubscribe from this mailing list, please see the
> instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > ==============
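The routing side of the procedure in the top reply, as an added example that is not part of the original thread: it models the firewall host's routing table and shows which interface a packet for a legal IP leaves on with and without the "route add <legal ip> <illegal ip>" host route. All addresses and interface names are constructed, and the model assumes the host picks the outgoing interface from the still-untranslated (legal) destination.

```python
import ipaddress

# Constructed firewall routing table: (prefix, gateway, interface).
# Connected networks have an interface; gateway routes have a next hop.
BASE_ROUTES = [
    ("198.51.100.0/24", None, "ext"),
    ("10.0.0.0/24", None, "int"),
    ("0.0.0.0/0", "198.51.100.1", None),
]
# Constructed static NAT table: legal (public) IP -> illegal (private) IP.
NAT_MAP = {"203.0.113.10": "10.0.0.10"}

def lookup(dst, routes):
    """Longest-prefix match; returns (gateway, interface) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else best[1:]

def egress_interface(dst, routes):
    """Interface a packet for dst leaves on.

    Assumption: the host routes on the legal (untranslated) destination.
    """
    hit = lookup(dst, routes)
    if hit is None:
        return None
    gateway, iface = hit
    if iface is not None:
        return iface
    # Resolve the next hop against directly connected networks only.
    hop = lookup(gateway, [r for r in routes if r[2] is not None])
    return hop[1] if hop else None

def missing_host_routes(nat_map, routes):
    """Legal IPs that have no host route pointing at their illegal IP."""
    have = {(ipaddress.ip_network(p), g) for p, g, _ in routes}
    return [legal for legal, illegal in nat_map.items()
            if (ipaddress.ip_network(legal), illegal) not in have]

def with_host_routes(nat_map, routes):
    """Routes plus the equivalent of 'route add <legal ip> <illegal ip>'."""
    return routes + [(f"{l}/32", i, None) for l, i in nat_map.items()]
```

Without the host route the legal address falls through to the default route and heads back out the external interface, which matches the symptom of seeing nothing on the internal interface in snoop.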