need help finding router solution

Post by easyto.. » Wed, 13 Mar 2002 07:31:58



hey, guys / gals  i need some help in finding a solution. i need a
router that can nat. i have used ipf before for this but this solution
will be a bit different. it will need to nat all outbound packets as
my internal addresses are all rfc-1918. i only have one legal
routable ip anyway. what's different about this is i need it to not
block (filter) any incoming traffic, and i need it to forward all
traffic that's incoming to my firewall that's inside. the situation is
i have a checkpoint fw, and on checkpoint you just can't change the ip
for the external interface because the license is bound to it. it's
also a real * to change and modify rules for an address change
so..... what i would like to do is keep checkpoint's existing addy
(which is a rfc-1918) and have it connected to the router.

ex.
isp given ip----(router)10.0.0.1-------10.0.0.2(ckp-fw)----internal

as mentioned above i need the router to nat outbound traffic which
will be coming from my checkpoint fw but i don't want the router to
filter any inbound traffic and i want it to pass all inbound traffic
to the checkpoint firewall.

is this possible and if so how?

thanks in advance,

 
 
 

Post by jp » Wed, 13 Mar 2002 07:44:14


On Mon, 11 Mar 2002 22:31:58 GMT,
[snip]

> as mentioned above i need the router to nat outbound traffic which
> will be coming from my checkpoint fw but i don't want the router to
> filter any inbound traffic and i want it to pass all inbound traffic
> to the checkpoint firewall.

And you can't have the checkpoint fw/router do NAT for you?

--
  j p d (at) d s b (dot) t u d e l f t (dot) n l .

 
 
 

Post by easyto.. » Wed, 13 Mar 2002 10:35:11


i don't think you understand what i posted. i can have the checkpoint
fw nat, but if i had the ckp fw nat i would not need a router as i
could just have the fw direct to the internet. the issue is you can't
change the ip for the external interface on checkpoint fw's without
obtaining a new license. if you have ever dealt with ckp you know it's
nothing short of a miracle to obtain a working license. the interface
for the fw is already bound to 192.168.0.1 and i don't want to get
another license. besides the rules are already written for the
current config. i did mention i only have one valid routable ip that
my internet isp has given me and if i was to nat at the fw it would
require 3 valid ips...two for router and one for ex. interface of fw.
that is why i need to nat at the router but forward all incoming
traffic, non-filtered as the rules on the fw can do that, to the
fw.....192.168.0.1.
basically i want to port forward all incoming traffic the router sees
without having to put 65,000+ forward statements on the router for
every tcp port. this would allow me to also change isp in the future
without reconfiguring the fw or having to obtain a new license
every time.



>On Mon, 11 Mar 2002 22:31:58 GMT,

>[snip]
>> as mentioned above i need the router to nat outbound traffic which
>> will be coming from my checkpoint fw but i don't want the router to
>> filter any inbound traffic and i want it to pass all inbound traffic
>> to the checkpoint firewall.

>And you can't have the checkpoint fw/router do NAT for you?
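
The setup asked for in this thread (NAT outbound, pass every inbound packet to the firewall without one forward rule per port) can be written in IPFilter as a single bidirectional mapping. This is an added example, not part of the original posts; the interface name `ext0` and the address 203.0.113.10 are placeholders, and 10.0.0.2 is taken from the diagram in the first post.

```conf
# /etc/ipnat.conf on the router (IPFilter NAT rules), added example.
# Assumptions (not from the thread): ext0 is the ISP-facing interface and
# 203.0.113.10 is a documentation address standing in for the one ISP-given IP.
# 10.0.0.2 is the Check Point external interface from the poster's diagram.

# One bidirectional 1:1 mapping replaces 65,000+ per-port rdr lines:
#   outbound: source 10.0.0.2     -> 203.0.113.10
#   inbound:  dest   203.0.113.10 -> 10.0.0.2 (every protocol and port)
# Only 10.0.0.2 is translated; any other inside source address reaching
# the router would need its own map rule.
bimap ext0 10.0.0.2/32 -> 203.0.113.10/32

# /etc/ipf.conf on the router: no filtering here, so the Check Point rule
# base is the only inbound policy and sees all unsolicited traffic.
pass in quick on ext0 all
pass out quick on ext0 all
```

Changing ISP then means editing only the public address in the `bimap` line; the firewall keeps its RFC 1918 external address.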

 
 
 

1. Help needed finding a solution (REPOSTED)

Hi,

Apologies for the repost but groups.google doesn't seem to have
posted the original.

I've been given a task which is as follows:

Create a Linux box with Cyclades 8 port card installed (done RH7.2,
works OK)

It needs to be able to accept an incoming call and then work out
whether it's:
1) Dial-Up Networking connection (ppp)
2) Kermit
3) Zmodem
and if it's 2 or 3 then auto-receive the files coming in.

I've got RH7.2 working with pppd running fine, but I'm now wondering
if this is the best solution.

I've seen freeradius and portslave (but not used either), has anyone
used one or both of these ?

Also does anyone know if minicom can auto-detect and auto-accept
zmodem or kermit ?

I did the original project many years ago on DOS, but we're looking at
upgrading to a multi-tasking/user environment and I've pushed Linux
hard (against very M$ orientated people) and now I want to try and get
a solution in place ASAP before anyone changes their mind.

I also need to be able to accept a proprietary protocol which I have
to code in myself, which is another good reason for open-source ;-)

I will be honest in that I've already resigned myself to a complete
re-develop using my own-rolled libraries, etc. but I'd rather 'cheat'
if possible ;-)

Any help/ideas appreciated
Neil E.

Remove [removetoreply] from email address to mail me direct
