Greetings,
I have encountered a problem with NAT'ing on Firewall-1. First, I'm running Firewall-1 v4.1 SP1 on an NT 4.0 server with SP6. I have 2 interfaces, one public and one private. I think one thing that is hindering my efforts is the fact that this firewall is not the default gateway for the network (gateway of last resort). I am trying to make the FTP service on my Linux box accessible to the internet. I have created a local.arp file that answers for the legal IP and entered a route add command that routes the proxy arped IP to the internal IP. I have created the appropriate NAT and Security rules to allow this service to pass as listed below:
When I try to install this policy I get the following error:
Security and Address Translation Policy Verification:
Invalid <Any> in Source of Address Translation Rule 1.
<Any> is valid only if the matching Translated column is <Original>.
Now if I change the ORG-source and Dest-source in NAT rules 1 & 2 to a workstation object of one of my clients, it works great, but then no one else can access the FTP service, thus needing the <any> object. I know if this firewall was the default gateway to the internet that the above rules would work OK, but my situation has stumped me, and that is why I have come to you guys for help in hopes that there might be a workaround or simple fix that I'm missing.
Thanks for any help,
Mark