Great Circle Associates Firewalls
(August 1997)
 


Subject: RE: Firewall-1, Static Address Translation problem [2]
From: "Angel López Escobar" <alopez @ mdintesis . es>
Date: Mon, 4 Aug 1997 17:47:42 +0200
To: "Patrik Backstrom" <pb @ techno . org>, <firewalls @ GreatCircle . COM>

Hi,

I implemented that and it's working, or I hope so. Create a group, name it (e.g.) LOCAL+TR, with the local-net Network Object + all the translated valid IP addresses (I created a false Workstation with the translated address as internal for each translated IP).
At the external IF, you mark other addresses, and in the internal IF you select specific and the object will be LOCAL+TR.

In my opinion this may work. Any other ideas?

Regards,
A.Lopez



----------
From: Patrik Backstrom <pb @ techno . org>
To: firewalls @ GreatCircle . COM
Subject: Firewall-1, Static Address Translation problem [2]
Date: Saturday, 2 August 1997 15:31

Thanks to everyone who answered.

The problem was (and still is) the anti-spoofing feature. The manual says
you should add the hidden and the official ip addresses to both the
internal and external interface on the firewall. This doesn't help, the
firewall still drops the packets. But as soon as I remove the anti-spoofing
features (i.e. setting both interfaces to accept any IPs), everything
works just fine.

Since I really would like to use the anti-spoofing features, this is a bit
of a problem. Any ideas?

/pb

---------------------------------------------------------------------
 Patrik Bäckström (BOFH)   Phone........: +46-(0)706-661928
 Hjalmar Bergmans gata 50  Homepage.....: http://warp.techno.org/
 422 52 Hisings Backa      E-Mail.......: pb @ techno . org

 PGP Pub Key......: http://warp.techno.org/~pb/pgpkey
            \.....: finger pb @ warp . techno . org
---------------------------------------------------------------------

---------- Forwarded message ----------
Date: Wed, 30 Jul 1997 12:34:26 +0200 (MET DST)
From: Patrik Backstrom <pb @ techno . org>
To: firewalls @ greatcircle . com
Subject: Firewall-1, Static Address Translation problem

Hi!

I have a problem with static address translation. When the client on the
inside connects to the outside, everything works fine. But when a machine
on the outside tries to connect to the client's valid ip, it just won't go
through the firewall.

I have configured the Network Object, Workstation, Address Translation for
Automatic Rules, Static and the Valid IP address.

The logs on the Firewall-1 say that the packet is accepted, but it won't
reach the internal client.

It can't be a routing problem, since it works fine when the client
connects to the outside world. The source IP after the translation is also
correct.

/pb

---------------------------------------------------------------------
 Patrik Bäckström (BOFH)   Phone........: +46-(0)706-661928
 Hjalmar Bergmans gata 50  Homepage.....: http://warp.techno.org/
 422 52 Hisings Backa      E-Mail.......: pb @ techno . org

 PGP Pub Key......: http://warp.techno.org/~pb/pgpkey
            \.....: finger pb @ warp . techno . org
---------------------------------------------------------------------

----------
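
A simplified model of the anti-spoofing setup discussed in this thread, added here as an illustration; it is not code from any of the posters and not Firewall-1's own logic. It assumes the destination is still the valid (translated) address when the internal interface's check runs, and all addresses, function names and mode names below are constructed for the example.

```python
import ipaddress

# Constructed sample addressing; none of these values come from the thread.
LOCAL = [ipaddress.ip_network("10.1.1.0/24")]    # local-net Network Object
TR = [ipaddress.ip_network("192.0.2.10/32")]     # translated (valid) address
OUTSIDE_HOST = ipaddress.ip_address("198.51.100.7")
VALID_IP = ipaddress.ip_address("192.0.2.10")


def in_group(addr, group):
    """True if addr falls inside any network of the group."""
    return any(addr in net for net in group)


def allowed(addr, iface, interfaces):
    """Anti-spoofing decision for one address on one interface (hypothetical model)."""
    mode, group = interfaces[iface]
    if mode == "any":
        return True
    if mode == "specific":
        return in_group(addr, group)
    # "others": anything not claimed by another interface's specific group
    return not any(m == "specific" and in_group(addr, g)
                   for name, (m, g) in interfaces.items() if name != iface)


def inbound_connection(src, dst, interfaces):
    """Trace an outside-to-inside packet; return (verdict, reason)."""
    if not allowed(src, "external", interfaces):
        return "drop", "source not valid on external interface"
    # Model assumption: dst is still the valid IP when this check runs.
    if not allowed(dst, "internal", interfaces):
        return "drop", "destination not valid on internal interface"
    return "pass", "ok"


def policy(internal_group):
    """External interface set to 'others', internal set to a specific group."""
    return {"external": ("others", []), "internal": ("specific", internal_group)}


if __name__ == "__main__":
    print(inbound_connection(OUTSIDE_HOST, VALID_IP, policy(LOCAL)))
    print(inbound_connection(OUTSIDE_HOST, VALID_IP, policy(LOCAL + TR)))
    print(inbound_connection(VALID_IP, VALID_IP, policy(LOCAL + TR)))
```

In this model the LOCAL+TR group lets the inbound connection through while a packet arriving on the external interface with the valid address as its source is still treated as spoofed.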
