Re: [fw-wiz] NAT sanity check



I've got a /29 public network, addresses (say) .2 to .6, with default
gateway of .1. Can I
place a Checkpoint firewall on .2 and have it use the remaining addresses
for NAT'd services
on the other side of the firewall?

Sure, you can use .3-.6 for publishing services to the internet (Check Point
calls it "static NAT") and use .2 for the firewall's outside interface and
also for outbound network traffic (Check Point calls this "hide NAT"). With
a /29 subnet, the first and eighth addresses (.0 and .7) are reserved and
cannot be used.


Also, would it work if the firewall was a PIX?

Yes.


PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: how to use NAT "One to One" with ISA Server
    ... It is the furthest opposite of "stateful filtering" that you can possibly ... placing the target PC directly on the Internet with a public IP#. ... A local Check Point vendor has a marvelous demo of why you don't want Cisco ... uses Static NAT where you use 1:1, and Static NAT, and Static NAT with ...
    (microsoft.public.isa.configuration)
  • RE: [Firewalls] Checkpoint FW-1 - Static NAT
    ... in order to use static Nat the ip can not be part of the hide Nat ... I have two interfaces on my firewall. ... One to the internet, and the other to ... I am doing basic NAT to allow my internal LAN to access ...
    (comp.security.firewalls)
  • Re: natd.conf problem (was: natd problem (but close!) )
    ... >> lose internet access itself since all return traffic will go to the ... You're trying to set up a static nat configuration ... "Address redirection is useful if several IP addresses are available, ... incoming on that particular IP address back to the specific LAN client. ...
    (freebsd-questions)
  • Re: How do I open a ports (no firewall running)?
    ... as the LAN's Firewall) will perform a Static NAT from it's external ... side IP# to the internal IP# the SQL runs on when it receives traffic ... be no entry for 10061 by default you will have to create a custom ... that he wants to be able to connect to it across the Internet thru a NAT ...
    (microsoft.public.windows.server.networking)
  • DMVPN NAT Transparency
    ... I have a HUB router behind another router that is connected to the ... The internet router does a ... static NAT on a real public IP to 172.24.7.19. ...
    (comp.dcom.sys.cisco)