Re: [FW-1] Routing

Subject:	Re: [FW-1] Routing
From:	Tom Stala <stala AT TAMPABAY.RR DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 27 Jul 2004 08:58:08 -0400

create the node object with the 172 address of your internal network,

click on translation tab set it to static and then put your 228 address
there

----- Original Message -----
From: "Darren Grant" <darren.grant AT DISCOVERYSOFTWARE DOT COM>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Tuesday, July 27, 2004 1:21 AM
Subject: [FW-1] Routing


> If anyone could let me know what we did wrong, I'd appreciate it.
>
> We have a Windows 2000 Server(SP4) with checkpoint firewall-NG(FP3)
> running a DMZ (about a dozen real IP's) and an internal NAT'd LAN
> (172.16.x.x).
> We have a web server in our internal LAN (172.16.2.77).  We want to open
> up outside access to that box, without moving it into the DMZ.
>
> What we did...
>
> On the firewall server we created an object using a real IP address
> (x.x.x.228) from our DMZ range.  Next we created a rule allowing
> incoming HTTP and ICMP traffic to that object.  We installed the
> policy.  Then we openned a command prompt and created a route using:
>
> route add -p x.x.x.228 172.16.2.77
>
> Using the log tracker, we can see the incoming packets (ping and http)
> destined for the real IP (x.x.x.228) get to the firewall (they're
> green)... but that's it... nothing seems to get routed on to the
> internal web server... or get back.
>
> Is there something really stupid we didn't do?  Any help would be
> greatly appreciated.
>
> Thanks,
> Darren
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Routing, Darren Grant Re: [FW-1] Routing, Mike Feetham Re: [FW-1] Routing, Tom Stala <= Re: [FW-1] Routing, Steck, Steffen M. Re: [FW-1] Routing, Darren Grant Re: [FW-1] Routing, John Lindblom

Previous by Date:	[FW-1] Dynamic IP IP30 VPN with R55, Stewart Williams
Next by Date:	Re: [FW-1] Secure Remote for OS X, Campbell, Neil
Previous by Thread:	Re: [FW-1] Routing, Mike Feetham
Next by Thread:	Re: [FW-1] Routing, Steck, Steffen M.
Indexes:	[Date] [Thread] [Top] [All Lists]