Thank you...
Tha NAT TAB was updated automatically due to the fact that I create the
Object with a static NAT.
How do you enable or disable the auto-arp feature?
I thing that the problem is related to the ARP table of the firewall.
-----Original Message-----
From: Reinhard Stich [mailto:r.stich AT internet-security DOT at]
Sent: Miércoles, 30 de Marzo de 2005 11:29 p.m.
To: dlastra AT XERTIX DOT COM
Subject: RE: [FW-1] Problems With Static NAT and ARP
hi,
did you use the NAT-tab for the static-NAT? do you have auto-arp
enabled?
you can define the static arp on the internet-router, this should work
as a workaround.
cheers
reinhard
))) Message sent using Nokia One Business Server (((
))) Internet Security AG - www.internet-security.ag (((
--- Original Message ---
From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu Mar 31 04:59:49 CEST 2005
Subject: [FW-1] Problems With Static NAT and ARP
Hello guys,
I have a problem related with NAT. I have a distribuited configuration.
Using a SPLAT NG R55 with Checkpoint NG AI R55 over a Intel Platform running
on the firewall. The problem is that I have a server under the firewall
configured as a MAIL server. This server receives POP, SMTP and IMAP.
For some reason this server does not receive connections from Internet. I
even check the LOG TRACKER with a Filter and cannot find any connection to
the MAIL server.
When I enter the firewall console it does not display ARP related to that
server. Wich I found very weird, since I have a different firewall running
on a Nokia IP330 Checkpoint NG R55 and all the Static NAT's configured in
that firewall appear as Permanent Published ARP.
So I manually published ARP entry using the command:
arp -s [IP] [MAC] pub
Using in [IP] the ip address assigned to the NAT and using as [MAC] the mac
address of the external interface of the firewall. The ARP entry finally
shows up at the ARP table of the firewall. But still it does not receive any
connection from the outside.
Do you guys have any idea?
_______________________________________________
Diego F. Lastra S.
Infraestructura y Soporte Xertix
Conm. ++52-55-3003-1300
Dir. ++52-55-3003-1381
<http://www.xertix.com> http://www.xertix.com
_______________________________________________
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
