Firewall Wizards mailing list archives
RE:
From: "Joe Ippolito" <joe () joesnet com>
Date: Sun, 16 Jan 2000 23:17:38 -0800
If I am interpreting your questions correctly, I believe you are trying to do static address translation. If so, have you set up your static translations in %systemroot%\fw\state\local.arp? You will need the IPs of each "legal" address and the MAC address of the firewall's external NIC. Use IPCONFIG /all and copy the MAC address from the external interface (it is easier that way). A reboot is required.

Also, if you are using the automatic NAT within the object you should not have to create a second (external) object.

Better yet, don't do static address translation. I do not believe it is worth the complication. Put your mail relay, web, ftp, etc. in a DMZ with real addresses and give your internal network private (10.x, 192.168.x, 172.16-31.x) addresses. Use "hide" translation for the internal network. Hide translation provides added security but I am not sure static translation does much more than make life more complicated.

-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net] On Behalf Of Todd Mera
Sent: Friday, January 14, 2000 7:40 AM
To: owner-firewall-wizards () lists nfr net
Subject:

I have a checkpoint firewall (FW-1 v4.0) running on NT4 with service pack 4. I set up the persistent routes and the network objects on the internal and external side of my network. I am trying to get the firewall to reroute (remap) mail and web traffic to my internal machines. The internal network objects have NAT selected. My users can get out but no mail comes in even after setting up the rules. What's up?

Rupert the Monkey Boy