Thanks Jim....
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Jim
Johnson
Sent: Wednesday, March 22, 2006 9:41 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Manual NAT on SPLAT
Here are my instructions on setting this up which I think are a little bit
easier since I don't edit /etc/ethers for every manual NAT. These
instructions are based on the info in sk8022.

1. Log on to the firewall's console locally or via ssh
2. Append "echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp" to
"/etc/rc.local". This configures the Linux kernel to enable proxy arp on
eth0 (replace "eth0" with your external interface). You only need to
perform this step once. After editing this file, reboot to have it
take effect (you could also manually run the command instead of rebooting).
3. Add a host route with the external IP address as the destination and the
internal IP address as the gateway
 -Run 'sysconfig'
 -Choose option 6 (routing) and then 2 (Add new host route)
 -"destination host IP address": 1.1.1.1
 -"gateway IP address": 192.168.1.1
 -"metric": Just hit ENTER to leave it at the default
 -That's it, keep entering "e" to exit all the way out of sysconfig
4. Run 'route -n' to verify that your new route got added. It should look
like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.1.1.1         192.168.1.1     255.255.255.255 UGH   0      0        0 eth1

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf
> Of Christian 'Rana' Schlegel
> Sent: Wednesday, March 22, 2006 2:03 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Manual NAT on SPLAT
>
> Hi,
>
> > Hi,
>
> > We are having CP NGX on SPLAT & are trying to do manual NAT on
> > SPLAT but the same doesn't work. We would like to know where & how do
> > we configure arp entries on the firewall modules.
>
> I can tell you about R55, hope it is similar to R60:
>
> First you need to manipulate the file /etc/ethers:
> ext.IP MAC-FW pub netmask 255.255.255.255
> eg.:
> 1.1.1.1 00:0F:AB:22:33:44 pub netmask 255.255.255.255
>
> Second you have to set a static route via Webinterface:
> Destination Netmask Gateway Metric interface
> 1.1.1.1 255.255.255.255 192.168.1.1 0 ethx
>
> Third define manual NAT with the Policy Editor.
>
> HTH
> Christian
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
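
A check for the proxy ARP and host route steps described in the thread, as an added example that is not part of the original messages. The function names are hypothetical, eth0 is assumed to be the external interface, and the sample routing table is constructed from the addresses used in the thread (1.1.1.254 is a made-up default gateway). It also lists every route that leaves through another interface, because proxy ARP enabled on eth0 makes the kernel answer ARP requests on eth0 for all of those destinations, not only for the manual NAT address.

```shell
#!/bin/sh
# Added example: verify the kernel-side setup for manual NAT with proxy ARP.

# Constructed sample of `route -n` output (addresses taken from the thread).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.1.1.1         192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         1.1.1.254       0.0.0.0         UG    0      0        0 eth0'

# host_route_ok NAT_IP INTERNAL_IP  (reads `route -n` text on stdin)
# Succeeds only if a host route (flag H, /32 mask) maps NAT_IP to INTERNAL_IP.
host_route_ok() {
    awk -v dst="$1" -v gw="$2" '
        $1 == dst && $2 == gw && $3 == "255.255.255.255" && $4 ~ /H/ { found = 1 }
        END { exit !found }'
}

# proxy_arp_on FLAG_FILE
# FLAG_FILE is e.g. /proc/sys/net/ipv4/conf/eth0/proxy_arp; succeeds if it holds 1.
proxy_arp_on() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# proxied_routes EXT_IF  (reads `route -n` text on stdin)
# Prints destination/genmask for every route that leaves through an interface
# other than EXT_IF. With proxy ARP enabled on EXT_IF, the kernel replies to
# ARP requests arriving on EXT_IF for any address covered by these routes.
proxied_routes() {
    awk -v ext="$1" '$1 ~ /^[0-9]+\./ && $NF != ext { print $1 "/" $3 }'
}

# Demo on the constructed sample; on a live firewall pipe in `route -n` instead
# and pass the real flag file to proxy_arp_on.
printf '%s\n' "$SAMPLE_ROUTES" | proxied_routes eth0
```

Any entry in that list other than the intended NAT address is something to confirm is acceptable for the firewall to answer for on the external segment.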