Minimal NAT config

paolo.piombino · #1 (**permalink**) 2007-10-23

Hi All
i have a Checkpoint Firewall 1NGX v60 trial 15 days version on RHEL 3 installed but does not work :((
the installation was successfull but i cannot configure the firewall for nothing.
Can anyone give me a simple example configuration?
It is a problem with trial version or not?

I made a config with 2 ethernet
LAN: 192.168.1.99
WAN:1.1.1.1
an i will nat all outbound traffic with the public IP address.
thank you
bye
Paolo

mcnallym · #2 (**permalink**) 2007-10-23

Did you install a smartcenter and gateway on the box or just a gateway?

paolo.piombino · #3 (**permalink**) 2007-10-24

both

thank you

Paolo

mcnallym · #4 (**permalink**) 2007-10-24

There is a fully functional 15 day trial license so shouldn't be a problem.

Can you even login to the Dashboard at all.

First rule should allow you access with ssh to the box

so

Src = Your PC
Dst = Firewall Object
Service = ssh
Action = Accept
Track = Log

Second Rule should prevent all other traffic to the firewall

Src = Any
Dst = Firewall Object
Service = Any
Action = Drop
Track = Log

Third Rule allow outbound

Src = Net192.168.1.0
Dst = Any
Service = Any
Action = Accept
Track = Blank

4th Rule

Src = Any
Dsst = Any
Service = Any
Action = Accept
Track = Log

On the object for Net_192.168.1.x then go to the NAT tab and set to hide behind gateway.

This config will allow your specific pc access with ssh to the Red Hat Linux, if you want other services then just add the required ones to the services coloumn.

It will prevent any other address making a remote connection to the firewall box.

It will allow the 192.168.1.x network access to the outside world natted behind the address of the firewall.

It will drop all other traffic and log the dropped packets.

This is about the most basic that you can get.

MarioL · #5 (**permalink**) 2007-10-24

Typo on 4th rule, Action should be "Drop" ;)

And since you are testing, I'd log rule 3, so you see the traffic going out.

paolo.piombino · #6 (**permalink**) 2007-10-24

Excuse me but I' am a newbie with firewall 1 :-((

Under "Security" tab i write a the 1st rule

N.1 Name:BLANK SOURCE:192.168.1.112 (my IP address) DESTINATION:WAN IP address of the firewall-1 VPN:ANY TRAFFIC SERVICE:TCP-ssh ACTION:ACCEPT TRACK:LOG INSTALL ON:policy target TIME:any

but i cannot connect with putty to the firewall
what is wrong?
thanks

Paolo

MarioL · #7 (**permalink**) 2007-10-25

Use the firewall object on that rule, no need to create a specific host for the external IP. Also, you are probably connecting internally, right?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode