Re: [FW-1] Port forwarding

[GoddardM [Permanent Link]]

The NAT.

What exactly are you trying to do? My guess would be:

Source            Dest        Service           to Source   Dest
Service
distant_ssh Public IP   SSH         Original          Lan_SSH     SSH

ALSO might want to add right below it:

lan_ssh           distant_ssh       SSH         Public IP   Original
SSH

Regards,
Matt Goddard
Security Information Team
Schneider National
920-592-4787
goddardm AT schneider DOT com



|---------+-------------------------------------------->
|         |           Chanoine                         |
|         |           <yannick.chanoine AT CLAMART DOT FR>    |
|         |           Sent by: Mailing list for        |
|         |           discussion of Firewall-1         |
|         |           <FW-1-MAILINGLIST AT AMADEUS.US DOT CHEC|
|         |           KPOINT.COM>                      |
|         |                                            |
|         |                                            |
|         |           09/28/2004 04:35 AM              |
|         |           Please respond to Mailing list   |
|         |           for discussion of Firewall-1     |
|         |                                            |
|---------+-------------------------------------------->
  
>----------------------------------------------------------------------------------------------|
  |                                                                             
                 |
  |       To:       FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM           
                        |
  |       cc:                                                                   
                 |
  |       Subject:  [FW-1] Port forwarding                                      
                 |
  
>----------------------------------------------------------------------------------------------|




Hello,

I have a little problem configuring  a one to one communication on a
specific port through my checkpoint NG r55.

I have a server on my LAN that must accept incoming SSH communication so
I specified my rules like this :

Distant host -> ssh_server -> tcp 22 -> accept

And NAT (static) :
Orig Src          Orig Dst    Service    Xlate Src        Xlate Dst
Service
Distant host      public_IP    SSH        distant_host    ssh_srv
SSH


But it fails.

What's wrong?

Thanks for your help.

Yannick

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================