Firewall Wizards mailing list archives

Re: nating

From: "Anand Vidhani" <avidhani () ggn aithent com>
Date: Wed, 23 Jan 2002 16:23:58 +0530

Hi Jeroen,

Thanks for your response.

I have tried this but it was not working.
I thing when we add route
c:> route add 208.122.29.69 172.16.0.81
and
c:> route add 208.122.29.69 172.16.0.98
how it will define which packet is for 98 or 81, bcoz I have read in
some docs that firewall reads NATING in last. It first read routing.
can we add route on service base or any priority base.

Please help.

Thanks
Anand Vidhani





----- Original Message -----
From: "Jeroen Veeren" <j.veeren () pointnet nl>
To: "'Anand Vidhani'" <avidhani () ggn aithent com>;
<firewall-wizards () nfr com>
Sent: Wednesday, January 23, 2002 3:02 PM
Subject: RE: [fw-wiz] nating

Hi,

You probably mean 208.122.29.69 for the webserver.
I have never tried this myself, but it sounds possible.
The firewall allready arps and routes 208.122.29.69 to the

172.16.0.20.

If both the servers are on the same subnet, there is nothing to

change

there.

So the only thing there is to change is your nat rulebase.
I would try the following:
Edit the rule that probably reads
any --- 208.122.29.69 --- any | any --- 172.16.0.81 --- any
to:
any --- 208.122.29.69 --- nntp | any --- 172.16.0.81 --- nntp
then add a new rule saying
any --- 208.122.29.69 --- http | any --- 172.16.0.98 --- http

Of course you're rulebase additionally needs to allow http access

in.


Hope this helps,

Jeroen.


-----Oorspronkelijk bericht-----
Van: Anand Vidhani [mailto:avidhani () ggn aithent com]
Verzonden: zondag 20 januari 2002 18:46
Aan: firewall-wizards () nfr com
Onderwerp: [fw-wiz] nating


Hello,

I am using checkpoint firewall on NT 4.0.
I have a valid IP on firewall 208.122.29.72 and local 172.16.0.20.
I am using one to one NATing between valid IP 208.122.29.69 and

local

IP 172.16.0.81.On local IP I am using only 119 port (NNTP ) for the
external users other services I have blocked for the external users.
I am also using web server on local IP 172.16.0.98.
Now I want to use valid IP 203.122.29.69 through NATing for web
server.
I want to use the NATing on service base.
Can we do this?. If yes please tell me in detail.

Thanks
Anand Vidhani












_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

nating Anand Vidhani (Jan 20)
- <Possible follow-ups>
- RE: nating Jeroen Veeren (Jan 23)
  - Re: nating Anand Vidhani (Jan 23)
- RE: nating Jeroen Veeren (Jan 23)
- RE: nating Robert Reeves (Jan 24)