Firewall Wizards mailing list archives

RE:


From: "Joe Ippolito" <joe () joesnet com>
Date: Sun, 16 Jan 2000 23:17:38 -0800

If I am interpreting your questions correctly, I believe you are trying to
do static address translation.  If so, have you set up your static
translations in %systemroot%\fw\state\local.arp?   You will need the IPs of
each "legal" address and the MAC address of the firewall's external NIC.
Use IPCONFIG /all and copy the MAC address from the external interface (it
is easier that way).  A reboot is required.  Also, if you are using the
automatic NAT within the object you should not have to create a second
(external) object.

Better yet, don't do static address translation.  I do not believe it is
worth the complication.  Put your mail relay, web, ftp, etc. in a DMZ with
real addresses and give your internal network private (10.x, 192.168.x,
172.16-31.x) addresses.  Use "hide" translation for the internal network.
Hide translation provides added security but I am not sure static
translation does much more than make life more complicated.

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net] On Behalf Of Todd Mera
Sent: Friday, January 14, 2000 7:40 AM
To: owner-firewall-wizards () lists nfr net
Subject:


I have a Check Point firewall (FW-1 v4.0) running on NT4 with service pack 4.
I set up the persistent routes and the network objects on the internal and
external side of my network.  I am trying to get the firewall to reroute
(remap) mail and web traffic to my internal machines.  The internal network
objects have NAT selected.  My users can get out but no mail comes in even
after setting up the rules.  What's up?

Rupert the Monkey Boy



