If anyone could let me know what we did wrong, I'd appreciate it.
We have a Windows 2000 Server (SP4) with Checkpoint Firewall-NG (FP3)
running a DMZ (about a dozen real IPs) and an internal NAT'd LAN
(172.16.x.x).
We have a web server in our internal LAN (172.16.2.77). We want to open
up outside access to that box, without moving it into the DMZ.
What we did...
On the firewall server we created an object using a real IP address
(x.x.x.228) from our DMZ range. Next we created a rule allowing
incoming HTTP and ICMP traffic to that object. We installed the
policy. Then we opened a command prompt and created a route using:
route add -p x.x.x.228 172.16.2.77
Using the log tracker, we can see the incoming packets (ping and http)
destined for the real IP (x.x.x.228) get to the firewall (they're
green)... but that's it... nothing seems to get routed on to the
internal web server... or get back.
Is there something really stupid we didn't do? Any help would be
greatly appreciated.
Thanks,
Darren