Firewall-1

Re: [FW-1] Two IP Ranges

Subject: Re: [FW-1] Two IP Ranges
From: John Sims <jsims AT TRUENORTHSOLUTIONS DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 16 Jan 2006 10:30:16 -0500
Alvaro:

Here are the steps I have come up with for accomplishing this:

Adding a new block of addresses to the firewall for Static NAT on
SecurePlatform

The following example illustrates adding a new block of addresses to the
external interface of the firewall to be used for static NAT through the
firewall.

1) Add one of the addresses from the block to the firewall's external
interface:
>sysconfig
Choose a configuration item ('e' to exit):
------------------------------------------------------------------
1) Host name 7) DHCP Server Configuration
2) Domain name 8) DHCP Relay Configuration
3) Domain name servers 9) Export Setup
4) Time and Date 10) Products Installation
5) Network Connections 11) Products Configuration
6) Routing
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 5
Choose a network connections configuration item ('e' to exit):
------------------------------------------------------------------
1) Add new connection 3) Remove connection
2) Configure connection 4) Show connection configuration
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 1
Choose a connection type to add ('e' to exit):
------------------------------------------------------------------
1) Secondary IP on interface (alias) 3) PPPoE connection
2) VLAN 4) PPTP connection
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 1
Add a secondary IP (alias) to interface ('e' to exit):
------------------------------------------------------------------
1) eth0
2) eth1
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 2
Enter IP address for eth1:1 (press 'c' to cancel): 20.30.40.51
Enter network mask of the interface eth1:1 (press 'c' to cancel): 255.255.255.0
Enter broadcast address of the interface eth1:1 (leave empty for default):
The interface is configured.
Current interface configuration is:
eth1:1 ip: 20.30.40.51, broadcast: 20.30.40.255, netmask: 255.255.255.0
Press Enter to continue...



2) Add a host route for each address to be proxied:
Choose a configuration item ('e' to exit):
------------------------------------------------------------------
1) Host name 7) DHCP Server Configuration
2) Domain name 8) DHCP Relay Configuration
3) Domain name servers 9) Export Setup
4) Time and Date 10) Products Installation
5) Network Connections 11) Products Configuration
6) Routing
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 6
Choose a routing configuration item ('e' to exit):
------------------------------------------------------------------
1) Add new network route 4) Delete route
2) Add new host route 5) Show routing configuration
3) Add default gateway
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 2
Enter destination host IP address (press 'c' to cancel): 20.30.40.99
Enter gateway IP address (leave empty if the host is on the local net): 172.16.20.9
Enter metric for this route (press 'c' to cancel or leave empty for default):
Choose a routing configuration item ('e' to exit):

3) Add a static NAT entry to the host object in Smart Dashboard:

4) Install the firewall policy



John
 
________________________________

John A. Sims 
Security Consultant
True North Solutions, an ASC Company
9602 Coldwater Road, Suite 206, Fort Wayne, IN 46825
Office: (260) 469-4040 ext 206 | Fax: (260) 469-4041 | AIM: tnsJSims
Support: 888-550-8507 | 765-747-7205
jsims AT truenorthsolutions DOT net
________________________________

Securing Tomorrow's Networks 
 
 
 

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Alvaro
Gastambide
Sent: Monday, January 16, 2006 8:47 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Two IP Ranges

Hi,
I have a Check Point R55, and I have used all the IPs provided by my ISP. So
my ISP gave me another IP range.

To be able to use static NAT with the second range, I have to put the public IP
that I use in static NAT as a secondary IP of the Internet interface of
the Check Point.

Is it the correct way to use a secondary range? Thanks.

 

Saludos,

Alvaro Gastambide - CCSA - MCSA
Security Advisor
www.sadvisor.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
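
Added example, not part of John Sims's message or of Check Point's tooling: a Python check that each address planned for static NAT is covered by steps 1 and 2 of the procedure above, meaning it lies in the alias network from step 1 and has a host route from step 2. The routing table text is a constructed sample in `route -n` layout, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: the alias line in the form sysconfig prints it on this
# page, and a routing table in `route -n` layout holding the page's host route.
ALIAS_LINE = "eth1:1 ip: 20.30.40.51, broadcast: 20.30.40.255, netmask: 255.255.255.0"
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
20.30.40.99     172.16.20.9     255.255.255.255 UGH   0      0   0   eth0
20.30.40.0      0.0.0.0         255.255.255.0   U     0      0   0   eth1
"""

def parse_alias(line):
    """Return the alias as an IPv4Interface (address plus its network)."""
    m = re.search(r"ip:\s*([\d.]+),.*netmask:\s*([\d.]+)", line)
    if not m:
        raise ValueError("unrecognised alias line: %r" % line)
    return ipaddress.IPv4Interface("%s/%s" % m.groups())

def parse_host_routes(table):
    """Map destination -> gateway for /32 routes that have a gateway."""
    routes = {}
    for row in table.splitlines()[1:]:  # skip the column header
        cols = row.split()
        if len(cols) >= 3 and cols[2] == "255.255.255.255" and cols[1] != "0.0.0.0":
            routes[ipaddress.IPv4Address(cols[0])] = ipaddress.IPv4Address(cols[1])
    return routes

def check_nat_addresses(alias_line, table, nat_addresses):
    """Return {address: [problems]}; an empty list means steps 1-2 cover it."""
    alias = parse_alias(alias_line)
    routes = parse_host_routes(table)
    report = {}
    for text in nat_addresses:
        addr, problems = ipaddress.IPv4Address(text), []
        if addr not in alias.network:
            problems.append("outside alias network %s" % alias.network)
        elif addr in (alias.network.network_address, alias.network.broadcast_address):
            problems.append("network or broadcast address")
        if addr == alias.ip:
            problems.append("is the firewall's own alias address")
        if addr not in routes:
            problems.append("no host route")
        report[text] = problems
    return report

if __name__ == "__main__":
    demo = check_nat_addresses(ALIAS_LINE, ROUTE_TABLE, ["20.30.40.99", "20.30.40.100"])
    print(demo)
```

An address that comes back with a non-empty list still needs its alias network or host route added through sysconfig before the static NAT entry is created and the policy installed.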