NAT Question....

Dj_Lien · #1 (**permalink**) 2005-10-28

My company has a two legal IP address. I want to run a webserver (and a few other servers) behind one of these address.

I found this
http://www.phoneboy.com/bin/view.pl/...ranslationFAQs
http://www.phoneboy.com/bin/view.pl/...ksInFireWallNG

But still can't seem to get NAT (or is that work out lol ) working on our Firewall. I've included a few screen grabs.

With this setting for the object

& these are is the rules I've tried. But it don't seem to work.

&

Im running NG FP3 R55. Any help before I start diging into manuals......

charlesdf23 · #2 (**permalink**) 2005-10-28

If you want external people to access this server, you need to set static and put a routable IP address in the field.

Dj_Lien · #3 (**permalink**) 2005-10-28

Quote:

Originally Posted by charlesdf23

If you want external people to access this server, you need to set static and put a routable IP address in the field.

Thanks. I was close but no cigar.

phauser · #4 (**permalink**) 2005-10-28

Quote:

Originally Posted by charlesdf23

If you want external people to access this server, you need to set static and put a routable IP address in the field.

OR.... Configure a NAT rule making PAT. Example: for accessing your webserver at TCP80, you should make a NAT redirecting all incoming traffic to FW host at TCP80, to your_webserver:80.

Dj_Lien · #5 (**permalink**) 2005-10-31

Quote:

Originally Posted by phauser

OR.... Configure a NAT rule making PAT. Example: for accessing your webserver at TCP80, you should make a NAT redirecting all incoming traffic to FW host at TCP80, to your_webserver:80.

Where can I get some documentaion on PAT? There is only NAT in the manual that came with NG. I will need to add a FTP server into the list. Can I just use the firewalls IP address as the 'hide behind address' & it will create PAT rules for me?

Thanks for your quick replys fellas. I owe you a beer or something :)

czech12 · #6 (**permalink**) 2005-10-31

PAT is just a term that is used. It really means that you are configuring an address to be NAT'd only on a certain port. For instance, you can say:

Original Packet Source: Any
Original Packet Destination: Public IP for Web Server
Original Packet Service: HTTP

Translated Packet Source: Original
Translated Packet Destination: Static NAT to Web Server
Translated Packet Service: Original

The reason why you would want to do this is if you have many servers that need to use public IP addresses, you can use the same public address, but translate it to different servers based on the service being used.

I don't know if you'll find any real documentation on PAT, but hopefully that explains it for you.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode