Firewall-1

Subject: Re: [FW-1] How do we exclude some networks from a Nat rule.
From: Eric Janz <e.janz AT BARCELOVIAJES DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 26 Aug 2005 17:33:22 +0200
Hi,

thanks a lot for your response. I also thought that this would be a
solution, and it is in almost all cases, but the problem is as follows:

Network1 - 192.168.1.0/24 - User hosts (in reality it's a WAN with private
IPs)
Network2 - 192.168.2.0/24 - Server network

The servers are NATed to the 192.168.1.0 network, so for example the DNS
is 192.168.2.1 but the hosts use 192.168.1.1, and so on. I cannot NAT the
whole network 1 behind the gateway because I need the DNS to see the
original IP. I also cannot say "if destination is network 2, don't NAT",
because in fact the hosts don't use network 2 as the destination, since the
servers are NATed to network 1. I also cannot say "don't do NAT if the
destination is network 2" because then the DNS will not be accessible through
the NATed IPs.

I was working with "Group with exclusion" and want to create a rule with
such a group, which includes Any and excludes the corporate networks. This
group would be the same as saying "Internet" :-). Is there any reason, or a
document from Check Point, that explains why this cannot be
done?

Thanks again for your help,
Regards,

Eric Janz 
Departamento de Sistemas
Grupo Barceló Viajes

C\ 16 de Julio, 75
07009 Polígono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986



Robby Cauwerts <robby AT ABSI DOT BE>
Sent by: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
26/08/2005 16:11
Please reply to
Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>

To
FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc

Subject
Re: [FW-1] How do we exclude some networks from a Nat rule.

If you want to do NAT only for traffic going to the internet, use 2 manual
rules like this:

1st rule, for traffic going to your corporate servers:
Orig SOURCE   Orig DESTINATION         Xlated SOURCE    Xlated DESTINATION
your_LAN      your_corporate_servers   =original        =original

2nd rule, for traffic going to the internet:
Orig SOURCE   Orig DESTINATION         Xlated SOURCE    Xlated DESTINATION
your_LAN      ANY                      Hide_NAT_on_GW   =original
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


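An added worked example, not from the thread and not Check Point's code: a small Python model of a first-match NAT lookup, used to compare Robby's two ordered manual rules with the single "Any minus the corporate networks" rule Eric describes. The network objects, the rule names, the hide address 203.0.113.1 and the sample flows are all my assumptions. The model matches only on original source and destination and returns the translated source, which is a deliberate simplification of the real FW-1 NAT engine.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence, Tuple

# Constructed network objects modelling the thread's scenario; the object
# names and the hide address are my assumptions, not anything from the thread.
LAN = (ip_network("192.168.1.0/24"),)           # Network1: user hosts
CORP_SERVERS = (ip_network("192.168.2.0/24"),)  # Network2: server network
CORPORATE = LAN + CORP_SERVERS                  # "the corporate networks"
ANY = (ip_network("0.0.0.0/0"),)
GW_HIDE_ADDR = "203.0.113.1"                    # assumed hide address on the gateway


def in_group(addr: str, group: Sequence, exclude: Sequence = ()) -> bool:
    """Membership test for a network group, optionally a group with exclusion
    (member of `group` and not a member of `exclude`)."""
    a = ip_address(addr)
    return any(a in n for n in group) and not any(a in n for n in exclude)


@dataclass(frozen=True)
class NatRule:
    name: str
    orig_src: Sequence
    orig_dst: Sequence
    xlated_src: Optional[str]   # None models "=original"
    dst_exclude: Sequence = ()  # non-empty models a "group with exclusion" destination


def translate(rules: Sequence[NatRule], src: str, dst: str) -> Tuple[str, str]:
    """First-match lookup on the original (pre-NAT) addresses.
    Returns (source address after translation, name of the rule that matched)."""
    for r in rules:
        if in_group(src, r.orig_src) and in_group(dst, r.orig_dst, r.dst_exclude):
            return (r.xlated_src or src, r.name)
    return (src, "no-match")


# Robby's two manual rules, in the order he gave them.
TWO_RULES = (
    NatRule("1-no-nat-to-corp-servers", LAN, CORP_SERVERS, None),
    NatRule("2-hide-to-internet", LAN, ANY, GW_HIDE_ADDR),
)
# The same two rules with the order swapped: a common mistake.
TWO_RULES_SWAPPED = TWO_RULES[::-1]
# Eric's alternative: one rule whose destination is "Any minus the corporate networks".
EXCLUSION_RULE = (
    NatRule("hide-to-any-except-corporate", LAN, ANY, GW_HIDE_ADDR, dst_exclude=CORPORATE),
)

# Constructed sample flows from a user host, keyed by what the original destination is.
FLOWS = {
    "dns-real-address": ("192.168.1.50", "192.168.2.1"),     # DNS at its real 192.168.2.x address
    "dns-as-hosts-see-it": ("192.168.1.50", "192.168.1.1"),  # DNS at its NATed 192.168.1.x address
    "internet": ("192.168.1.50", "198.51.100.10"),           # an Internet host
}


def compare() -> dict:
    """Run every sample flow through each rule base; keys are (rule base, flow)."""
    bases = {"two_rules": TWO_RULES, "two_rules_swapped": TWO_RULES_SWAPPED,
             "exclusion_rule": EXCLUSION_RULE}
    return {(b, f): translate(rules, *flow)
            for b, rules in bases.items() for f, flow in FLOWS.items()}


if __name__ == "__main__":
    for (base, flow), (xlated, rule) in sorted(compare().items()):
        print(f"{base:18} {flow:20} -> source {xlated:14} via {rule}")
```

Run it and the output shows the two points the thread turns on. With the two rules swapped, the hide rule matches first and traffic to 192.168.2.x is hidden as well, so the order of manual rules matters. With Robby's rules in the right order, a packet addressed to the DNS's NATed address 192.168.1.1 still falls through to the hide rule, which is exactly the case Eric raises, while the exclusion-group rule leaves it untranslated. Whether a given FW-1 release accepts a group with exclusion in the NAT rule base is something to confirm in that release's documentation; the model only shows what the semantics would be.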