[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] NAT not working

To: Karen Cochran <Karen.Cochran@vistait.com>
Subject: Re: [FW1] NAT not working
From: Dan.Hitchcock@continentalinc.com
Date: Tue, 12 Oct 1999 10:16:11 -0700
Cc: "'fw-1-mailinglist@lists.us.checkpoint.com'" <fw-1-mailinglist@lists.us.checkpoint.com>




The trick is this:

On the workstation properties of your firewall object, make sure that the type
is Gateway, and that both "Exportable" and "Firewall-1Installed" boxes are
checked, and select the appropriate version of Firewall-1.  Then, define the
interfaces on the firewall object.  Do not do anything with NAT on this object.

Next, create a network object of type Network for your internal network.  Define
the IP address for the subnet (e.g. 10.0.0.0) and the mask (e.g. 255.0.0.0).
Define the object as internal.  Then, on the NAT tab, select "add automatic
translation rules," set type to "hide," give the the address of the external
interface of the firewall as the hiding IP address, and choose to install it on
your firewall object.

That's the basics - not sure if anything else in your setup might need tweaking.
Good luck!

Dan Hitchcock
Network Administrator
Continental Savings and Mortgage





Karen Cochran <Karen.Cochran@vistait.com> on 10/12/99 09:19:03 AM

To:   "'fw-1-mailinglist@lists.us.checkpoint.com'"
      <fw-1-mailinglist@lists.us.checkpoint.com>
cc:    (bcc: Dan Hitchcock/CSB)

Subject:  [FW1] NAT not working





Currently I have a CheckPoint Firewall-1 installed on a Windows NT 4 server.
NT Service Pack 4 has been applied as well as the quick fixes from
Microsoft. I started with ChekPoint's Service Pack 4 installed. Then I
uninstalled it and went back to ChekPoint's Service Pack 2. I have since
uninstalled Service Pack 2 so only the original application should be
installed. The firewall can surf the internet and ping/view the internal
network in any of these senerios. The internal network is configured with a
10.0.0.0 Mask 255.0.0.0 addressing. I want to NAT the internal users with a
single hide address. I can not seem to NAT out to the internet either with
static or hide for either a single system, the internal network or an
address range defined.

I have tested the router and it will allow for the valid ip I am trying to
access the internet. My only rule at this time is:
ANY ANY ANY Accept.

IP forwarding is enabled.

I have tried cutting down the size of the internal network to a single class
C. This did not work.

At this time I have 2 NIC's - one to the router and one to a hub with a
single workstation off it. I have defined the firewall itself. I have tried
defining the network and also defining the workstation (2 different
senerios) and neither worked.

HELP! I am stumped!


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] New version of FW-1?
Next by Date: [FW1] how to block cyberdildonics port?
Prev by thread: [FW1] NAT not working
Next by thread: RE: [FW1] NAT not working
Index(es):
- Date
- Thread