
NAT Problem in CP-Firewall(ver4.1) for WindowsNT


baskar

Programmer
Oct 12, 2002
US
I have a hostA 10.1.3.15 which is on the internal network. It can ping to the Firewall [205.148.243.2] and to the router [205.148.243.1] without any problems.

On the Firewall I have static Address Translation for the 10.1.3.15 and set it as 205.148.243.3

The problem is I can PING to the firewall [205.148.243.2] successfully from the internal and external network but CANNOT ping to the static address [205.148.243.3] either from the internal or from the external network. Even from the Firewall server, I CANNOT ping to the NATed address [205.148.243.3]

I have set the NAT and rules properly.

Any help to fix this problem will be greatly appreciated!

 
When using Static Source or Hide mode, you must ensure the translated (legal) addresses are published, so that replies can be routed back to the firewall.

For NT the arp command does not allow permanent entries. Because of this CheckPoint created the following feature.

C:\winnt\fw\state\local.arp

The format of local.arp is

IP address <TAB> External MAC-address

where IP address is the address of the Firewall's external interface and the external mac address as well.

Make sure that you don't add anything else to this file that is not needed. After creating local.arp, stop and start the Firewall service.

Have fun

damanford@hotmail.com
CCSA/CCSE
 
If you are setting up Static NAT you will need to do two things. The first is the local.arp entry mentioned above. The IP address you add to this file must be the new NAT address, 205.148.243.3 in your case. You do not need an entry for the FW IP address, because that is already published.

The local.arp entry will tell routers etc. that the .3 IP address can be found on the FW's external MAC address, and forward packets for that address on to your FW. The next step is to tell your FW where to send it, by adding a permanent route:

route add -p 205.148.243.3 10.1.3.15

This will then get packets from the router to your internal machine (as long as your FW rulebase allows it).


Jon
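
A check for the two steps in the reply above, added here as an example and not part of the original thread: it parses local.arp text, confirms each static NAT address is published on the firewall's external MAC, and emits the matching route commands. The function names, the accepted MAC notation (six hex octets separated by `-` or `:`) and the sample MAC are assumptions.

```python
import ipaddress
import re
# Assumption: six hex octets separated by '-' or ':'; the thread does not state the notation.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")

def parse_local_arp(text):
    """Return ({ip: mac}, [problems]) for the contents of a local.arp file."""
    entries, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")          # format is IP address <TAB> MAC address
        if len(fields) != 2:
            problems.append(f"line {n}: expected IP<TAB>MAC, got {line!r}")
            continue
        ip, mac = fields[0].strip(), fields[1].strip()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"line {n}: bad IP address {ip!r}")
            continue
        if not MAC_RE.match(mac):
            problems.append(f"line {n}: bad MAC address {mac!r}")
            continue
        entries[ip] = mac.lower().replace(":", "-")   # normalise for comparison
    return entries, problems

def check_static_nat(text, nat_map, fw_ip, fw_mac):
    """Check local.arp text against static NAT pairs {nat_ip: internal_ip}."""
    entries, problems = parse_local_arp(text)
    want_mac = fw_mac.lower().replace(":", "-")
    if fw_ip in entries:
        problems.append(f"{fw_ip}: firewall's own address needs no entry")
    for nat_ip in nat_map:
        if nat_ip not in entries:
            problems.append(f"{nat_ip}: NAT address not published in local.arp")
        elif entries[nat_ip] != want_mac:
            problems.append(f"{nat_ip}: MAC is not the firewall's external MAC")
    # Route command in the form given in the reply above.
    routes = [f"route add -p {nat} {inside}" for nat, inside in nat_map.items()]
    return problems, routes

# Constructed sample: IP addresses from the thread, MAC is a made-up placeholder.
FW_IP, FW_MAC = "205.148.243.2", "00-00-5e-00-53-01"
NAT = {"205.148.243.3": "10.1.3.15"}
FW_ONLY = f"{FW_IP}\t{FW_MAC}\n"            # publishes only the firewall's own IP
NAT_ENTRY = f"205.148.243.3\t{FW_MAC}\n"    # publishes the NAT address
if __name__ == "__main__":
    for name, text in (("FW_ONLY", FW_ONLY), ("NAT_ENTRY", NAT_ENTRY)):
        print(name, check_static_nat(text, NAT, FW_IP, FW_MAC))
```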
 
system: nt 4 ws providing firewall services for a small 4 server domain (pdc,bdc/exchange,web,apps) with firewall_1 ver 4.1 sp 1 running. Have been able to configure it to pass Internet access to all users behind the firewall.

e-mail is being passed to Exchange server in/out

Have been unsuccessful at configuring the system to pass http/https to the web server. The firewall log file shows that the addressing is being translated to the proper webserver but no one can access the web site. From inside the firewall the web site can be accessed by its ip but not by the domain name.

If the web server(w2k with iis5) is brought out from behind the firewall all web services are available to the public.

How do I get this checkpoint configured to pass the http services so that I can get the web server behind the firewall???


Thanx
 