Thread: arp still needed for Static NAT ?
View Single Post
  #1 (permalink)  
Old 2006-08-20
karimi karimi is offline
Member
  
Join Date: 2005-08-22
Posts: 54
Rep Power: 4
karimi has an average reputation (10+)
Default arp still needed for Static NAT ?
hello

i am new to this..so bear with me. I have Checknpoint NGX and the following diagram:

Internet/<public ISP> =====> <my fw> ====> <int 10.x.x.x/8>

I want to deliver mail (port 25/smtp) to an internal exchange server (say 10.5.5.50).

My ISP gave me 5 public IPs, like 64.10.10.1-5. So I can put 2 static NAT rules:

#1: src=Any dst=64.10.10.1 svc=smtp / =original dst=10.5.5.50 svc=smtp
#2:
src=10.5.5.50 dst=any svc=smtp / src=S(64.10.10.1) dst=original svc=smtp

Will that work, or do I have to use Proxy-ARP ? If I make a DMZ, do I have to give the DMZ mail server a public IP or a private IP ?

Thanks

~mark
Reply With Quote