Hi,
I just started using SPLAT also. For my manual NAT rules, I had to
manually add the ARP entries (BTW, there is an "addarp" command for
this), AND add a route for the NATed address to my internal network.
The easiest way I found to do this was with the sysconfig command.
Additionally, proxy arp is not enabled by default on SPLAT.
Try: cat /proc/sys/net/ipv4/conf/{translated interface}/proxy_arp
If that is "0", then: echo 1 > /proc/sys/net/ipv4/conf/{translated interface}/proxy_arp
I had to add this to /etc/rc.d/rc.local to survive reboots.
Hope that helps!
Ben Wilson
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:FW-1-
> MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Diego F. Lastra S.
> Sent: Wednesday, March 30, 2005 10:00 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Problems With Static NAT and ARP
>
> Hello guys,
>
> I have a problem related with NAT. I have a distributed configuration.
> Using a SPLAT NG R55 with Checkpoint NG AI R55 over an Intel Platform running
> on the firewall. The problem is that I have a server under the firewall
> configured as a MAIL server. This server receives POP, SMTP and IMAP.
>
> For some reason this server does not receive connections from Internet. I
> even check the LOG TRACKER with a Filter and cannot find any connection to
> the MAIL server.
>
>
>
> When I enter the firewall console it does not display ARP related to that
> server. Which I found very weird, since I have a different firewall running
> on a Nokia IP330 Checkpoint NG R55 and all the Static NAT's configured in
> that firewall appear as Permanent Published ARP.
>
>
>
> So I manually published ARP entry using the command:
>
>
>
> arp -s [IP] [MAC] pub
>
>
>
> Using in [IP] the ip address assigned to the NAT and using as [MAC] the mac
> address of the external interface of the firewall. The ARP entry finally
> shows up at the ARP table of the firewall. But still it does not receive any
> connection from the outside.
>
>
>
> Do you guys have any idea?
>
>
>
> _______________________________________________
> Diego F. Lastra S.
>
> Infraestructura y Soporte Xertix
>
> Conm. ++52-55-3003-1300
>
> Dir. ++52-55-3003-1381
>
> <http://www.xertix.com> http://www.xertix.com
>
> _______________________________________________
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
-----------------------------------------
The information contained in this email is confidential and is intended
solely for the use of the person identified and intended as the recipient.
If you are not the intended recipient, any disclosure, copying,
distribution, or taking of any action in reliance on the contents is
prohibited. If you receive this message in error, contact the sender
immediately and delete it from your computer. Personal e-mails are
restricted by PSECU policy. As such, PSECU specifically disclaims any
responsibility or liability for any personal information or opinions of the
author expressed in this email.
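
The check, enable and persist sequence described in the reply above, written as an added example that is not part of the original e-mails. The function names and the `ROOT` prefix variable are assumptions of this example; the /proc and rc.local paths are the ones given in the message.

```shell
#!/bin/sh
# Added example: check, enable and persist proxy ARP for one interface.
# ROOT is an assumption of this example: leave it empty on a real system,
# or point it at a scratch directory to exercise the functions safely.

# Reject names that could escape /proc/sys/net/ipv4/conf/.
valid_iface() {
    case "$1" in
        ''|.|..|*/*) echo "invalid interface name: '$1'" >&2; return 2 ;;
    esac
}

# Print the current proxy_arp value (0 = off, 1 = on) for interface $1.
proxy_arp_state() {
    valid_iface "$1" || return 2
    cat "${ROOT:-}/proc/sys/net/ipv4/conf/$1/proxy_arp"
}

# Turn proxy ARP on for interface $1 unless it is already on.
enable_proxy_arp() {
    valid_iface "$1" || return 2
    pa_file="${ROOT:-}/proc/sys/net/ipv4/conf/$1/proxy_arp"
    [ -e "$pa_file" ] || { echo "no such interface: $1" >&2; return 1; }
    [ "$(cat "$pa_file")" = "1" ] || echo 1 > "$pa_file"
}

# Append the enabling command to rc.local exactly once so it survives reboots.
persist_proxy_arp() {
    valid_iface "$1" || return 2
    rc_file="${ROOT:-}/etc/rc.d/rc.local"
    rc_line="echo 1 > /proc/sys/net/ipv4/conf/$1/proxy_arp"
    grep -qxF "$rc_line" "$rc_file" 2>/dev/null || printf '%s\n' "$rc_line" >> "$rc_file"
}
```

Run as root, `enable_proxy_arp eth0 && persist_proxy_arp eth0` applies the change and records it, where `eth0` is a placeholder for the interface in question.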