Thread: Transparent redirect with CP R55
View Single Post
  #1 (permalink)  
Old 2006-02-10
ipfw_rules ipfw_rules is offline
Junior Member
  
Join Date: 2006-02-10
Posts: 1
Rep Power: 0
ipfw_rules has an average reputation (10+)
Default Transparent redirect with CP R55
Hello people.

I was recently forced to implement several Checkpoint FW-1 clusters running Checkpoint NG AI on Solaris.
Now, Im trying to get them to do what a modern firewall should be able to do, but I have very little success.

I want to hijack all outgoing connections with a destination port of 25 and redirect them to a local server. Basically, we want to allow smtp, but only trough our own server, and it should be transparent so that the users doesnt have to change anything.
The rule Im trying to implement looks like this:

ORIGINAL TRANSLATED
SOURCE DEST SERVICE SOURCE DEST SERVICE
local_net any smtp original local_smtp original

Checkpoint refuses and says that if original destination is any then translated destination must = original. What is the point of having translation if you are not allowed to translate?

Can anyone verify that CP really is not able to do this?
Does anyone know if there is a workaround?
I simply can not phatom that a ridiculously expensive and well-known firewall is not able to do simple redirects.
Reply With Quote