
RE: NAT Checkpoint Firewall 1

2000-06-12 06:50:03

-----Original Message-----
From: noor sayed [mailto:noor(_at_)adtdc(_dot_)co(_dot_)ae]
Sent: Saturday, June 10, 2000 12:26 PM
To: ietf(_at_)ietf(_dot_)org
Subject: NAT Checkpoint Firewall 1

Installed Checkpoint Firewall 1 with three network interfaces.
One is connecting to the outside world, one to local-net and the other to DMZ.
(For local-net and DMZ, 192.168.xx.xx IP address has been used.)

First, I think you shouldn't use the same IP address range for both your own
local-net and DMZ.

Configured the workstation properties of the mail server using static NAT.
I use the route add command on the firewall machine for mapping the
private IP address of the mail server to the public one.

You don't need to use the route command for routing. You can use FW-1's rule
for routing. Also, is the ICMP feature on the FW-1 open? You can see it from
the logs of the FW.


PROBLEM

1) My mail server is on the local-net. From the firewall I cannot ping the
mail server's private IP address (192.168.xx.xx), but I can ping the network
interface connected to the local-net on the firewall machine. I cannot even
ping the public IP address which I have mapped to the mail-srv.

Because when the FW-1 pings, the FW sends this request to the outside because
of NAT. If your FW is on UNIX or Linux, you can examine this situation with
"tcpdump". If you want to use NAT, you should create an "Address-range" in
the FW-1 that contains all of your clients, and write an appropriate rule.

Best regards..
Ilker G.