Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andy_N
Contributor

Port forwarding

Hi, everyone

I’ve got HA ClusterXL with 3  VIP interfaces (1 WAN and 2 LAN) (see attached pic1).

When I do port forwarding for LAN – its works fine (smtp).

But for VIP DMZ – it doesn’t works (ftp)

In logging everything – OK – rule is working, but in the NAT section (pic 2) destination – wrong server (cloud). The cloud – has own rule for publishing (smtp).

We have only one public IP.

What should I do to make port forwarding working correctly?

 

Thanks

0 Kudos
3 Replies
Andy_N
Contributor

I did it myself.

Manual NAT - no more

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

I don't quite understand the problem.

- Can you see an arp entry for the VIP?

- Create a manual NAT rule!

- Add a proxy arp address if necessary!

What does a fw monitor show?

# fwaccl off

# fw monitor -e "accept(src=<host> or dst=<host>);"

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Andy_N
Contributor

Thanks for reply, Heiko

I did manual NAT rules.

Everything is working well.

Thanks.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events