Thursday, January 20, 2011

Manual NAT on Checkpoint (Redirect all http requests to a local web server)

Hi,

We have a proxy server in the internal network and I want to redirect all internet HTTP requests to a web server in the local network. It'll be like a network billboard that says "No direct connection is available. Set up your proxy etc." For example:

  • A user starts the computer
  • Opens the browser
  • Tries to open www.google.com
  • Should see the web server output on the local network
  • Tries another web site on the internet
  • Should see the web server output on the local network
  • Sets up the proxy
  • Tries to connect to a web site
  • The web site should be loaded

I have added a simple manual NAT rule to the address translation in the Checkpoint firewall but it simply does not work. Here is my address translation rule:

Source   Destination   Service   T.Source   T.Destination   T.Service
MY_PC    A_GOOGLE_IP   ALL       ORIGINAL   INT_WEB_SRV     ORIGINAL

Then when I ping A_GOOGLE_IP, replies come from INT_WEB_SRV, as I expected. However, when I try to connect to A_GOOGLE_IP from the browser (http://A_GOOGLE_IP), no replies come; the connection stays in SYN_SENT and falls into timeout. When I look at the firewall log of INT_WEB_SRV, I can see that the incoming connection requests from MY_PC are accepted and there are NO denies. By the way, there is no problem seeing INT_WEB_SRV (http://INT_WEB_SRV) from the browser.

My understanding is that my NAT rule on Checkpoint NGX R60 does not cover the return packets. I definitely need some help.

Regards, Burak

  • When running into NAT issues, I always start off by opening a couple of SSH sessions and doing tcpdumps on both the internal and external interfaces.

    something like:

    tcpdump -i eth0 proto ICMP
    

    or

    tcpdump -i eth0 host A_GOOGLE_IP
    

    and watch to see what the NAT'd IP address is. That should at least give you somewhere to start!
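Once those captures exist, the next step is reading them. The following is an added example, not code from the original post or the answer above: it pairs each client SYN and ICMP echo request in tcpdump's text output with the replies the client actually saw, and flags any reply whose source is not the address the client sent to. The sample capture is constructed, with 10.1.1.10 standing in for MY_PC, 10.1.1.20 for INT_WEB_SRV and 203.0.113.5 for A_GOOGLE_IP.

```python
import re
from collections import defaultdict

# Constructed sample tcpdump output (not from the original post). 10.1.1.10 stands
# for MY_PC, 10.1.1.20 for INT_WEB_SRV and 203.0.113.5 for A_GOOGLE_IP.
SAMPLE = """\
12:00:01.000 IP 10.1.1.10.51234 > 203.0.113.5.80: Flags [S], seq 1, win 65535, length 0
12:00:01.010 IP 10.1.1.20.80 > 10.1.1.10.51234: Flags [S.], seq 7, ack 2, win 65535, length 0
12:00:09.000 IP 10.1.1.10 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64
12:00:09.001 IP 10.1.1.20 > 10.1.1.10: ICMP echo reply, id 1, seq 1, length 64
12:00:12.000 IP 10.1.1.10.51240 > 10.1.1.20.80: Flags [S], seq 3, win 65535, length 0
12:00:12.001 IP 10.1.1.20.80 > 10.1.1.10.51240: Flags [S.], seq 9, ack 4, win 65535, length 0
12:00:15.000 IP 10.1.1.10.51250 > 203.0.113.5.443: Flags [S], seq 5, win 65535, length 0
"""
TCP = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
ICMP = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP echo (request|reply)")

def _verdict(expected, seen):
    # A reply is only usable if its source is the address the client sent to.
    if expected in seen:
        return "ok"
    if seen:
        return "reply not reverse-translated, came from " + ",".join(sorted(seen))
    return "no reply"

def check_nat_replies(dump):
    """Pair each client SYN / echo request with the replies the client actually saw."""
    syns = set()                     # (client, cport, dst, dport)
    synacks = defaultdict(set)       # (client, cport) -> source addresses of SYN-ACKs
    pings = {}                       # client -> address it pinged
    echo_replies = defaultdict(set)  # client -> source addresses of echo replies
    for line in dump.splitlines():
        if m := TCP.match(line):
            src, sport, dst, dport, flags = m.groups()
            if flags == "S":                 # client-side SYN
                syns.add((src, sport, dst, dport))
            elif flags == "S.":              # SYN-ACK heading back to the client
                synacks[(dst, dport)].add(src)
        elif m := ICMP.match(line):
            src, dst, kind = m.groups()
            if kind == "request":
                pings[src] = dst
            else:
                echo_replies[dst].add(src)
    report = {}
    for client, cport, dst, dport in sorted(syns):
        report[f"tcp {client}:{cport}->{dst}:{dport}"] = _verdict(dst, synacks[(client, cport)])
    for client, dst in pings.items():
        report[f"icmp {client}->{dst}"] = _verdict(dst, echo_replies[client])
    return report
```

A SYN-ACK or echo reply arriving from INT_WEB_SRV's own address rather than from A_GOOGLE_IP is the symptom described in the question: the client's TCP stack discards a SYN-ACK from an address it never connected to and stays in SYN_SENT, which is what you see when the return traffic does not get reverse-translated on its way back to the client.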
