| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Hey there,

I have an ADSL modem with a static IP:

adsl-ext: 155.55.55.55
adsl-dmz: 10.1.1.1

My Checkpoint NGX firewall:

CPNG-ext: 10.1.1.2
CPNG-int: 192.168.0.1

And I have a webserver on the internal network (please disregard the obvious security problem of having it there).

webserver: 192.168.0.250

I created a forwarding rule on the ADSL modem to pass all port 80 requests through to the firewall. I have a NAT rule on the firewall as follows:

any -> CPNG-ext:http -> source:original destination:webserver service:original

Then I connect from external with a browser and get a 404. I see a log entry for the FW rule permitting the communication, but the sniffer on the webserver shows no packets. Appears the forwarding is broken. Any suggestions?

Thanks!

Actually, come to think of it, I just get "unable to connect to remote host". I am not familiar with double NAT. I simply NAT on the way in (static, as outlined above) and all internal systems are on a hide NAT rule (auto NAT).

The problem is that you are doing NAT 2 times: on the DSL modem/router and on the firewall. Try to stick with NAT on only one box. Reconfigure your DSL modem/router to bridge mode. This will bring "real" (public) interfaces onto the firewall. Use your port NAT rule then.
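
To make "NAT 2 times" concrete with the addresses posted in this thread, the following added example (not written by any poster, and not Check Point code) models the destination rewrite at each device and the reverse rewrite on the reply, for both the double-NAT layout and the bridged layout. It shows which destination address a capture at each hop should contain and does not diagnose the original fault. The client address 203.0.113.7, the source port, and the class and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class DnatHop:
    """A device doing static destination NAT (port forwarding) with per-flow state."""
    def __init__(self, name, match_dst, match_port, new_dst):
        self.name, self.match, self.new_dst = name, (match_dst, match_port), new_dst
        self.flows = {}  # (server, sport, client, cport) -> address the client targeted

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport) != self.match:
            return None  # no forwarding rule matches, nothing is passed on
        out = replace(pkt, dst=self.new_dst)
        self.flows[(out.dst, out.dport, out.src, out.sport)] = pkt.dst
        return out

    def reply(self, pkt):
        # Undo the translation: the reply must leave with the address the client used.
        orig_dst = self.flows.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return replace(pkt, src=orig_dst) if orig_dst else None

def double_nat():
    # Addresses as posted in the thread: the modem forwards port 80 to CPNG-ext.
    return [DnatHop("adsl-modem", "155.55.55.55", 80, "10.1.1.2"),
            DnatHop("CPNG", "10.1.1.2", 80, "192.168.0.250")]

def bridged():
    # Modem in bridge mode (assumption: the firewall then owns the public address).
    return [DnatHop("CPNG", "155.55.55.55", 80, "192.168.0.250")]

def round_trip(chain, pkt):
    """Return (destination seen after each hop, reply as the client receives it)."""
    seen = [pkt.dst]
    for hop in chain:
        pkt = hop.inbound(pkt)
        if pkt is None:
            return seen, None
        seen.append(pkt.dst)
    back = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)  # the web server answers
    for hop in reversed(chain):
        back = hop.reply(back)
        if back is None:
            return seen, None
    return seen, back

if __name__ == "__main__":
    client = Packet("203.0.113.7", 40000, "155.55.55.55", 80)  # constructed client
    for label, chain in (("double NAT", double_nat()), ("bridged", bridged())):
        print(label, *round_trip(chain, client))
```

Comparing the `seen` list against captures taken on the modem's DMZ side, on CPNG-ext and on the web server shows at which hop the expected destination address stops appearing.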