Title: RE: NAT Checkpoint Firewall 1

>-----Original Message-----
>From: noor sayed [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, June 10, 2000 12:26 PM
>To: [EMAIL PROTECTED]
>Subject: NAT Checkpoint Firewall 1

>Installed Checkpoint Firewall 1 with three network interfaces.
>One is connecting to the outside world, one to local-net and the other to DMZ. (for local-net and DMZ 192.168.xx.xx IP address has been used)

First, I think you shouldn't use the same IP address range for both your local-net and DMZ.

>Configured the workstation properties of the mail server using static NAT.
>I use the route add command on the firewall machine for mapping the private IP address of the mail server to the public one.

You don't need to use the route command for routing. You can use FW-1's rule for routing. Also, is the ICMP feature on the FW-1 open? You can see it from the logs of the FW.


>PROBLEM

>1) My mail server is on the local-net. From the firewall I cannot ping the mail server private IP address (192.168.xx.xx), but I can ping the network interface connected to the local-net on the firewall machine. I cannot even ping the public IP address which I have mapped to the mail-srv.

Because when the FW-1 pings, the FW sends this request to the outside because of NAT. If your FW is on UNIX or Linux, you can scan this situation with "tcpdump". If you want to use NAT, you should create an "Address-range" in the FW-1 that contains all of your clients, and write an appropriate rule.

Best regards..
Ilker G.
