Firewall-1

[FW-1] Advanced (yeah, right) NAT question

Subject: [FW-1] Advanced (yeah, right) NAT question
From: Chontzopoulos Dimitris <dchontzo AT ABC DOT GR>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 30 Mar 2005 02:09:53 +0300

Hello gurus of the list,

I have fresh-installed a brand new NG R55W with AI (distributed installation
-> 1 x Management Server & 2 Firewalls) and I'm facing some problems with
NAT... NG R55W with AI is installed on a Win2K Server with SP4 and all
hotfixes.

My firewall has 4 interfaces:

1 inside my LAN (192.168.241.x/24) -> NET_A
1 inside a LAN where other firewalls exist (192.168.69.x) -> NET_B
1 inside a dummy network (172.16.26.0/24) -> NET_C
1 inside another dummy network (172.16.27.0/24) -> NET_D

What I'm trying to do is the following:

Configure a server with NAT from LAN_A to be advertised in all other NETs ->

SERVER01 is situated on NET_A (192.168.241.100) and I want it advertised
as:
192.168.69.100 on NET_B
172.16.26.100 on NET_C
172.16.27.100 on NET_D

Can it be done? I have added some static routing entries in the
corresponding firewall that handles all of the above NETs, added Manual
Address Translation rules, but, what a surprise, there are no Proxy ARP
entries for the thing to work...

Is there a way for it to work? My guess is *YES*, it can work, if you:

01. Define 1 Network Object in NET_A (done that) 192.168.241.100
02. Define 1 Network Object in NET_B (done that) 192.168.69.100
03. Define 1 Network Object in NET_C (done that) 172.16.26.100
04. Define 1 Network Object in NET_D (done that) 172.16.27.100
05. Add the appropriate static routes (done that)
   a. route add -p 192.168.69.100 192.168.241.100
   b. route add -p 172.16.26.100 192.168.241.100
   c. route add -p 172.16.27.100 192.168.241.100
06. Configure *STATIC* NAT rules (done that)
07. Configure Manual Proxy ARP rules (how do I do that?)

In the past, I used that magic file called "local.arp" with tremendous
success. Is there a way to use it now (remember, it is a distributed
installation)? If so, where should I place the file?

Thanx and I apologize if I'm asking stupid questions; I've been trying to
accomplish the above (07) for the last 6 hours or so, so ANY - ME - HELP -
LOG, will be greatly appreciated.

Cheers,


Dimitris
