Firewalls: Firewall-1, Static Address Translation problem [2]

Firewalls
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Firewall-1, Static Address Translation problem [2]
From:	Patrik Backstrom <pb @ techno . org>
Date:	Sat, 2 Aug 1997 15:31:02 +0200 (MET DST)
To:	firewalls @ GreatCircle . COM

Thanks to everyone who answered.

The problem was (and still is) the anti-spoofing feature. The manual says
you should add the hidden and the official ip addresses to both the
internal and external interface on the firewall. This doesn't help, the
firewall still drops the packets. But as soon i as remove the antispoofing
features (ie. setting both interfaces to accept any ip's), everything
works just fine.

Since i really would like to use the anti-spoofing features, this is a bit
of a problem. Any ideas?

/pb

 ---------------------------------------------------------------------
  Patrik Bäckström (BOFH)   Phone........: +46-(0)706-661928
  Hjalmar Bergmans gata 50  Homepage.....: http://warp.techno.org/
  422 52 Hisings Backa      E-Mail.......: pb @
 techno .
 org

  PGP Pub Key......: http://warp.techno.org/~pb/pgpkey
             \.....: finger pb @
 warp .
 techno .
 org
 ---------------------------------------------------------------------

---------- Forwarded message ----------
Date: Wed, 30 Jul 1997 12:34:26 +0200 (MET DST)
From: Patrik Backstrom <pb @
 techno .
 org>
To: firewalls @
 greatcircle .
 com
Subject: Firewall-1, Static Address Translation problem

Hi!

I have a problem with static address translation. When the client on the
inside connects to the outside, everything works fine. But when a machine
on the outside tries to connect to the client's valid ip, it just won't go
trough the firewall.

I have configured the Network Object, Workstation, Address Translation for
Automatic Rules, Static and the Valid IP adress.

The logs on the Firewall-1 says that the packet is accepted, but it won't
reach the internal client.

It can't be a routing problem, since it works fine when the client
connects to the outside world. The source IP after the translation is also
correct.

/pb

 ---------------------------------------------------------------------
  Patrik Bäckström (BOFH)   Phone........: +46-(0)706-661928
  Hjalmar Bergmans gata 50  Homepage.....: http://warp.techno.org/
  422 52 Hisings Backa      E-Mail.......: pb @
 techno .
 org

  PGP Pub Key......: http://warp.techno.org/~pb/pgpkey
             \.....: finger pb @
 warp .
 techno .
 org
 ---------------------------------------------------------------------

Indexed By Date	Previous:	Web Oriented Mail Clients From: Dick_Wall @ stratus . com
Indexed By Date	Next:	Re: [Fwd: [Fwd: Subject: good luck totem]] From: Mubashir Hasan Kazia <mubashir @ scsnoida . stpn . soft . net>
Indexed By Thread	Previous:	re: Web Oriented Mail Clients From: JDaggan @ cgsh . com
Indexed By Thread	Next:	RE: Firewall-1, Static Address Translation problem [2] From: "Angel López Escobar" <alopez @ mdintesis . es>