CheckPoint firewall behind DSL router


comp.security.firewalls archive


From: Dave <withheld@nospam.thanks>
Date: Tue Jun 28 2005 - 21:55:24 CEST

Dear all,

Can anyone enlighten me on this? I'm trying to set up a service (ftp for
example) running on a PC (IP:192.168.0.100) behind a CheckPoint R55 firewall
that is behind a DSL router (LinkSys) to be accessible from internet static
IP. I think I am having trouble with NAT between the router and firewall as
the packets don't even show up in the firewall log. If I connect router to
the ftp server directly (with port forwarding) it works fine:

(Internet) ---Public IP(LinkSys Router)192.168.0.2---(fwd port 20 to 192.168.0.100:20)---192.168.0.100(FTP server)

The above only works if the ftp server has default gateway and DNS set to
192.168.0.2

What I want to achieve is this:

(Internet) ---Public_IP(LinkSys Router)172.16.1.2---(fwd port 20 to 172.16.1.100:20)---172.16.1.1(Firewall)192.168.0----192.168.0.100(FTP server)

with default gateway and DNS set to 192.168.0.2

Problem appears to be in NAT-ing 172.16.1.100 to 192.168.0.100 and NAT-ing
192.168.0.2 to 172.16.1.2

Here is what I tried:
Original packet:
    Source: 172.16.1.2
    Dest: 172.16.1.100
    Service: ftp-pasv

Translated packet:
    Source: original
    Dest: 192.168.0.100
    Service: original
--------------------
Original packet:
    Source: 192.168.0.100
    Dest: 192.168.0.2
    Service: Any

Translated packet:
    Source: original
    Dest: 172.16.1.2
    Service: original

What am I doing wrong?

Thanks,

Dave
Received on Thu Sep 29 19:57:08 2005
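
Added example, not part of the original post: a first-match model of the two NAT rules listed in the message, run over constructed packets to show which traffic each rule would match. Assumptions: "ftp-pasv" is modelled as TCP destination port 21, 203.0.113.7 is a made-up Internet client, and the class and function names are hypothetical.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional

ANY = None  # wildcard for a rule field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class NatRule:
    src: Optional[str]           # original source, ANY = wildcard
    dst: Optional[str]           # original destination
    dports: Optional[frozenset]  # original service, as destination ports
    new_dst: str                 # translated destination (source/service stay "original")

    def matches(self, p: Packet) -> bool:
        return ((self.src is ANY or ip_address(self.src) == ip_address(p.src))
                and (self.dst is ANY or ip_address(self.dst) == ip_address(p.dst))
                and (self.dports is ANY or p.dport in self.dports))

# Assumption: the "ftp-pasv" service object is modelled as TCP port 21.
FTP_PASV = frozenset({21})

# The two rules from the post, in the order given.
RULES = [
    NatRule("172.16.1.2", "172.16.1.100", FTP_PASV, "192.168.0.100"),
    NatRule("192.168.0.100", "192.168.0.2", ANY, "172.16.1.2"),
]

def translate(p: Packet, rules=RULES):
    """Return (rule_number, translated_packet); (None, p) if nothing matches."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(p):
            return number, replace(p, dst=rule.new_dst)
    return None, p

# Constructed sample traffic (203.0.113.7 is a documentation address).
SAMPLES = {
    "client source kept, port 20": Packet("203.0.113.7", "172.16.1.100", 20),
    "client source kept, port 21": Packet("203.0.113.7", "172.16.1.100", 21),
    "router address as source, port 21": Packet("172.16.1.2", "172.16.1.100", 21),
    "server to its default gateway": Packet("192.168.0.100", "192.168.0.2", 53),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        number, out = translate(pkt)
        print(f"{label}: rule={number} dst {pkt.dst} -> {out.dst}")
```

In this model a forwarded packet that still carries the Internet client's source address matches neither rule, because the first rule only accepts 172.16.1.2 as source.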