Here are my instructions on setting this up which I think are a little bit
easier since I don't edit /etc/ethers for every manual nat. These
instructions are based on the info in sk8022.
1. Log on to the firewall's console locally or via ssh
2. Append "echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp" to
"/etc/rc.local". This configures the Linux kernel to enable proxy arp on
eth0 (replace "eth0" with your external interface). You only need to
perform this step once. After editing this file, reboot to have it
take effect (you could also manually run the command instead of rebooting).
3. Add a host route with the external IP address as the destination and the
internal IP address as the gateway
-Run 'sysconfig'
-Choose option 6 (routing) and then 2 (Add new host route)
-"destination host IP address": 1.1.1.1
-"gateway IP address": 192.168.1.1
-"metric": Just hit ENTER to leave it at the default
-That's it, keep entering "e" to exit all the way out of sysconfig
4. Run 'route -n' to verify that your new route got added. It should look
like this:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
1.1.1.1         192.168.1.1     255.255.255.255 UGH   0      0   0   eth1
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf
> Of Christian 'Rana' Schlegel
> Sent: Wednesday, March 22, 2006 2:03 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Manual NAT on SPLAT
>
> Hi,
>
> > Hi,
>
> > We are having CP NGX on SPLAT & are trying to do manual NAT on
> > SPLAT but the same doesn't work. We would like to know where & how do
> > we configure arp entries on the firewall modules.
>
> I can tell you about R55, hope it is similar to R60:
>
> First you need to manipulate the file /etc/ethers:
> ext.IP MAC-FW pub netmask 255.255.255.255
> eg.:
> 1.1.1.1 00:0F:AB:22:33:44 pub netmask 255.255.255.255
>
> Second you have to set a static route via Webinterface:
> Destination Netmask Gateway Metric interface
> 1.1.1.1 255.255.255.255 192.168.1.1 0 ethx
>
> Third define manual NAT with the Policy Editor.
>
> HTH
> Christian
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
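Added example (not part of the original posts): a shell check that audits the setup described in the thread, confirming that proxy ARP is enabled on the external interface and that each manually NATed external IP has a /32 host route (flags UGH) through its internal address. The function names, the "ext:int" pair format, and the sample routing table (including the 1.1.1.254 default gateway) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `route -n` output; only the 1.1.1.1 line is from the thread.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
1.1.1.1         192.168.1.1     255.255.255.255 UGH   0      0   0   eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         1.1.1.254       0.0.0.0         UG    0      0   0   eth0'

# check_host_route ROUTES EXT_IP INT_IP
# Succeeds when ROUTES holds a /32 host route (flags U, G and H) for EXT_IP
# via gateway INT_IP, and prints the interface that route uses.
check_host_route() {
    printf '%s\n' "$1" | awk -v dst="$2" -v gw="$3" '
        $1 == dst && $2 == gw && $3 == "255.255.255.255" &&
        $4 ~ /U/ && $4 ~ /G/ && $4 ~ /H/ { print $8; found = 1 }
        END { exit !found }'
}

# proxy_arp_enabled FILE: succeeds when the proc file reads "1".
proxy_arp_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# audit_nat ROUTES PROXY_ARP_FILE "ext:int ext:int ..."
# Prints one OK/FAIL line per check; returns non-zero if anything is missing.
audit_nat() {
    rc=0
    if ! proxy_arp_enabled "$2"; then
        echo "FAIL proxy_arp is not enabled in $2"; rc=1
    fi
    for pair in $3; do
        ext=${pair%%:*}; int=${pair##*:}
        if iface=$(check_host_route "$1" "$ext" "$int"); then
            echo "OK   $ext -> $int via $iface"
        else
            echo "FAIL no host route for $ext via $int"; rc=1
        fi
    done
    return $rc
}

# On the firewall itself (replace eth0 with your external interface):
#   audit_nat "$(route -n)" /proc/sys/net/ipv4/conf/eth0/proxy_arp "1.1.1.1:192.168.1.1"
check_host_route "$SAMPLE_ROUTES" 1.1.1.1 192.168.1.1   # prints eth1
```

A FAIL on the proxy_arp line after a reboot usually means the rc.local entry was not saved; a FAIL on a route line means the host route for that NAT pair is missing or points at a different gateway.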