Firewall Wizards mailing list archives

RE: nating


From: Jeroen Veeren <j.veeren () pointnet nl>
Date: Wed, 23 Jan 2002 14:29:42 +0100

Hi,

You're right, I was pointing you in the wrong direction, sorry.
I thought you could static route an IP to a segment, but you can indeed only
static route one IP to one IP.
(It makes sense, some more coffee made me realise that too :)

There is one more option I can think of right now, but you'll need at least
4.1 SP3.
If you have that, then look under services.
You'll find http_mapped, ftp_mapped and (I think) smtp_mapped.
If you got there, the help file will explain how you can use these services
to get what you want.
You will need to make one user-defined service like this for nntp.

Again, I am only speaking theoretically, so a fair bit of trial and error is
to be expected...

Good luck,
Jeroen.


-----Original Message-----
From: Anand Vidhani [mailto:avidhani () ggn aithent com]
Sent: Wednesday, 23 January 2002 11:54
To: Jeroen Veeren; firewall-wizards () nfr com
Subject: Re: [fw-wiz] nating


Hi Jeroen,

Thanks for your response.

I have tried this but it was not working.
I think when we add the routes
c:> route add 208.122.29.69 172.16.0.81
and
c:> route add 208.122.29.69 172.16.0.98
how will it define which packet is for 98 or 81? Because I have read in
some docs that the firewall reads NATing last. It first reads routing.
Can we add a route on service base or any priority base?

Please help.

Thanks
Anand Vidhani





----- Original Message -----
From: "Jeroen Veeren" <j.veeren () pointnet nl>
To: "'Anand Vidhani'" <avidhani () ggn aithent com>;
<firewall-wizards () nfr com>
Sent: Wednesday, January 23, 2002 3:02 PM
Subject: RE: [fw-wiz] nating


Hi,

You probably mean 208.122.29.69 for the webserver.
I have never tried this myself, but it sounds possible.
The firewall already ARPs and routes 208.122.29.69 to the 172.16.0.20.
If both the servers are on the same subnet, there is nothing to change
there.

So the only thing there is to change is your nat rulebase.
I would try the following:
Edit the rule that probably reads
any --- 208.122.29.69 --- any | any --- 172.16.0.81 --- any
to:
any --- 208.122.29.69 --- nntp | any --- 172.16.0.81 --- nntp
then add a new rule saying
any --- 208.122.29.69 --- http | any --- 172.16.0.98 --- http

Of course your rulebase additionally needs to allow http access in.

Hope this helps,

Jeroen.


-----Original Message-----
From: Anand Vidhani [mailto:avidhani () ggn aithent com]
Sent: Sunday, 20 January 2002 18:46
To: firewall-wizards () nfr com
Subject: [fw-wiz] nating


Hello,

I am using a Check Point firewall on NT 4.0.
I have a valid IP on the firewall, 208.122.29.72, and local 172.16.0.20.
I am using one-to-one NATing between valid IP 208.122.29.69 and local
IP 172.16.0.81. On the local IP I am using only port 119 (NNTP) for the
external users; other services I have blocked for the external users.
I am also using a web server on local IP 172.16.0.98.
Now I want to use valid IP 203.122.29.69 through NATing for the web
server.
I want to use the NATing on service base.
Can we do this? If yes, please tell me in detail.

Thanks
Anand Vidhani












_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
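
The per-service NAT rules suggested in the thread, modelled as an added example (not part of the original messages and not Check Point syntax). It assumes first-match rule evaluation and TCP ports 119 and 80; the names NatRule, translate and shadowed are hypothetical. It also shows what happens if the "any" rule is left in place above a new http rule instead of being edited.

```python
from typing import List, NamedTuple, Optional

# TCP ports for the two services named in the thread.
SERVICES = {"nntp": 119, "http": 80}


class NatRule(NamedTuple):
    orig_dst: str           # public address the client connects to
    service: Optional[str]  # None models "any" in the service column
    xlate_dst: str          # internal address after translation


# The original one-to-one rule and the two per-service rules from the thread.
ONE_TO_ONE = NatRule("208.122.29.69", None, "172.16.0.81")
NNTP_RULE = NatRule("208.122.29.69", "nntp", "172.16.0.81")
HTTP_RULE = NatRule("208.122.29.69", "http", "172.16.0.98")


def translate(rules: List[NatRule], dst_ip: str, dst_port: int) -> Optional[str]:
    """Return the translated destination of the first matching rule, else None."""
    for rule in rules:
        if rule.orig_dst != dst_ip:
            continue
        if rule.service is None or SERVICES[rule.service] == dst_port:
            return rule.xlate_dst
    return None  # no NAT rule matched; the model leaves the packet untranslated


def shadowed(rules: List[NatRule]) -> List[NatRule]:
    """Return rules that can never fire because an earlier rule for the
    same public address already covers their service (assumes first match)."""
    claimed = {}  # orig_dst -> services taken by earlier rules (None = any)
    dead = []
    for rule in rules:
        taken = claimed.setdefault(rule.orig_dst, set())
        if None in taken or rule.service in taken:
            dead.append(rule)
        taken.add(rule.service)
    return dead


if __name__ == "__main__":
    edited = [NNTP_RULE, HTTP_RULE]     # "any" rule edited, as suggested
    appended = [ONE_TO_ONE, HTTP_RULE]  # "any" rule left in place above it
    for name, rules in (("edited", edited), ("appended", appended)):
        for port in (119, 80):
            print(name, port, "->", translate(rules, "208.122.29.69", port))
        print(name, "shadowed:", shadowed(rules))
```

With the "any" rule left first, port 80 traffic is translated to 172.16.0.81 and the http rule is reported as shadowed.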

