Members Login
Username 
 
Password 
    Remember Me  
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> Nokia FW1 multiple IP / virtual IP on an interface
Post Info TOPIC: Nokia FW1 multiple IP / virtual IP on an interface
JA


Status: Offline
Posts: 6
Date:
Nokia FW1 multiple IP / virtual IP on an interface
Permalink  

Hi,


platform:


Nokia IP350 - IPSO 3.7.1


CP FW1 NG AI R55


Been trying to figure out how to assign more than 1 IP address (which is on the same net segment / destination net) to an interface. When you try via Voyager I get the "same destination network" error, which I have seen refered to.


This is so that I can configure Static NAT (External -> Internal Host) on a diff IP to the main IP on the external interface.


Above anything at the moment if I want to Static Nat Ext -> Int for HTTP the fact that Voyager is listening on port 80 seems to screw things up. Using HTTP as a test, we do not NAT any live HTTP services. I have tried this by adding


Sec Rules (note have not used http_mapped???):


Any -> F1-GW (HTTP)


Int -> Any (HTTP)


Nat Rules:


Orig (Any, F1-Gw)(HTTP)  Trans(Orig,Local Host)(Orig)


Orig (Local Host, Any)(HTTP)  Trans(F1-GW,Any)(Orig)


I have read FAQ / Docs and this seems the correct approach.


Ques:


1. How/Can I configure multiple IP (on the same Net Seg) on an interface?


2. Should my rules above work for HTTP nat if I could configure another IP on external?


3. Should my rules above work for HTTP nat if I changed the port Voyager is on (have not tried this yet)?


4. or are there some steps I am missing?


 


 


 


 


 



__________________
raulico


Status: Offline
Posts: 61
Date:
Permalink  

sorry but i'm not sure if i understood your problem, but proxy-arp is your fix.


could you explain me again what do you want to do, if you want to publish an ip address (of the same subnet of your public-pool-ip-address) as a web-server, i wrote a solution with the steps you have to deploy.


Ciao


Raoul Ferro



__________________
JA


Status: Offline
Posts: 6
Date:
Permalink  

hi,


Thanks for taking the time to help.


Basically want to have multiple IP address on the external interface and be able to static NAT various services from them to local hosts.


At the moments I can I have been able to configure only 1 public IP on the external interface.


I am making sense now?


Cheers



__________________
JA


Status: Offline
Posts: 6
Date:
Permalink  

thanks.


added a proxy arp entry via Voyager


real ip -> ext interface (MAC)


does what i wanted to do or rather is how it is done. This si what happens when one come from a windows environment :)


 



__________________
raulico


Status: Offline
Posts: 61
Date:
Permalink  

yes, but don't forget static route, on voyager, and on checkpoint you need to do the nat rules and security rules too.


ciao


Raoul Ferro



__________________
JA


Status: Offline
Posts: 6
Date:
Permalink  

didnt need static route as the nokia is aware of the network topology from the config on the interfaces???


DO you know what the diff is between using ?


- mapped services such as http_mapped


- automatic NAT


- manual NAT


as in why use one method over another?



__________________
raulico


Status: Offline
Posts: 61
Date:
Permalink  

sorry, but i hate (automatism)automatic conf, so i don't know

__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
FireWall-1 Gurus Forum -> FireWall-1 Gurus Forum -> Nokia FW1 multiple IP / virtual IP on an interface
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard