Re: Firewall and IP forwarding
From: gena (kgennady_at_hotmail.com.NOSPAM)
Date: 02/29/04
- Next message: mai1_host: "Re: How to network home and office without terminal services??"
- Previous message: Kevin: "Using CMAK"
- In reply to: Bill Grant: "Re: Firewall and IP forwarding"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 29 Feb 2004 09:10:03 +0200
Thank you.
But how then I suppose to test connectivity through future FireWall computer
before I install NAT comming with this FireWall?
It was HIGHLY recommended in manual ... Do they mean I need client with
legal IP adress for this?
"Bill Grant" <not.available@online> wrote in message
news:Oe959LN$DHA.3220@TK2MSFTNGP10.phx.gbl...
> You cannot route private addresses through the Internet. Internet
routers
> are programmed to discard them because they are not unique.
>
> You need either proxy or NAT software to enable private IPs to access
> the Internet. Checkpoint should do that for you when it is installed. NT4
> did not include this software as standard. W2k includes ICS and RRAS/NAT
for
> this purpose.
>
> "gena" <kgennady@hotmail.com.NOSPAM> wrote in message
> news:uiWxwaJ$DHA.2660@TK2MSFTNGP10.phx.gbl...
> > Hello. I am very new to all of this and I am not sure if these are
even
> > the
> > appropriate groups for this question....if not, I apologize in advance
and
> > please feel free to point me in the right direction.
> >
> > I administering small network with internal IP
> 192.168.0.0(255.255.255.0).
> > My ISP installed ADSL modem/Router with internal IP 212.150.151.124.
> >
> >
> >
> > The ultimate goal here is to install CheckPoint Firewall-1 on NT4.0
> > server, which will be gateway of my internal network. I have installed
> NT4.0
> > Server on the computer I want use as firewall (FW) with next
> configuration:
> >
> >
> >
> > 1-th NIC - External: IP 212.150.151.123
> >
> > Subnet mask 255.255.255.248
> >
> > Gateway 212.150.151.124 (Internal IP of the
> router)
> >
> > 2-th NIC- Internal: IP 192.168.0.10
> >
> > Subnet mask 255.255.255.0
> >
> > Gateway left blank
> >
> > IP Forwarding box is currently checked-in (enabled).
> >
> > From the FW I access Internet without problems.
> >
> >
> >
> > In the manuals it's highly recommended to test connection from
internal
> > LAN to Internet through firewall machine before installation of
FireWall.
> >
> > So I connected a laptop with following IP configuration to internal
> > interface of FW machine to test the connection from inner LAN to the
> router.
> >
> >
> >
> > IP 192.168.0.2
> >
> > Subnet mask 255.255.255.0
> >
> > Gateway 192.168.0.10 (Internal IP of the FW machine)
> >
> >
> >
> > From the client I successfully sent ping to both internal and external
> > interfaces of FW machine (192.168.0.10 and 212.150.151.123), but when I
> > tried send ping to internal interface of the router (212.150.151.124) it
> was
> > not successful, therefore
> >
> > 1-th question - do I need to define static route on FW machine, or
> FireWall
> > will take care of the routing after installation by itself?
> >
> > Defining static route, as it was written in manual did not solve the
> > problem. Furthermore my client lost connection to external interface of
> the
> > FW machine (212.150.151.123).
> >
> > Here is the main question what subnet exactly must I make static route
> for?
> > (And how?)
> >
> > I did try some variations of static routes but with no result.
> >
> > I even Installed Win2K server on FW machine and enabled Internet
> connections
> > sharing and it worked perfectly - client browsed Internet freely. So I
> guess
> > there is some static route problem.
> >
> > Another possibility is that my router drops packets from illegal IP's if
> > there is no NAT between router and client with 192.168.0.2 address.
That's
> > why it did work with W2K server, and does not work with NT4.0 Server
> before
> > I install FireWall on it.
> >
> >
> >
> > Please help me.
> >
> > Thank you in advance
> >
> > Gennady.
> >
> >
>
>
- Next message: mai1_host: "Re: How to network home and office without terminal services??"
- Previous message: Kevin: "Using CMAK"
- In reply to: Bill Grant: "Re: Firewall and IP forwarding"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
