Firewall-private network

    Firewall-private network  
Jim




 
07-09-04 05:01 PM

Ok I am setting up a webserver and putting it behind a
firewall with a private address. I had this site
working when I had my external address, now that I put it
internal I am guessing I need to set up NAT through the
Gateway(firewall). The question is a domain service has my
top level DNS which has A, Cname, and MX records then
comes the router, gateway(firewall), and internal domain
with internal DNS. How do I get the webserver working is
there something I have to do on the router to tell it to
go to the gateway and look for that address, or I guess
my question is how does the gateway know to pick up that
IP and tell it to go to the internal IP.

Sorry for the grammar and lack of DNS, firewall knowledge

Thanks for the help








    Re: Firewall-private network  
Miha Pihler




 
07-09-04 05:01 PM

Hi Jim,

I have told you in my previous post that this is something that you should
check with CheckPoint documentation and news group. Also, if you will
administer it, get to know the product, otherwise you won't be able to run it
in a secure way.

Having said that, here are some tips on how to configure your CheckPoint to
run your web site on private network.

First create two host objects e.g.
WebServer_Private and give it private IP (e.g. 192.168.0.5) (this IP depends
on your firewall configuration, number of interfaces and their IP assignment)
WebServer_Public and give it public IP (e.g. 193.2.1.70)

Then open %fwdir% and browse to config folder. Here look for file called
local.arp and open it using notepad. If file doesn't exist create one. In the
file create the following entry.

193.2.1.70    00-08-02-F6-33-9D

Where you replace 193.2.1.70 with public IP of web server
and 00-08-02-F6-33-9D replace with MAC address of _public_ network card of
your checkpoint firewall.

Next thing you have to do is create static route from public IP to private
IP.

e.g.

route -p add 193.2.1.70 mask 255.255.255.255 192.168.0.5

193.2.1.70 = public IP of your web server
mask 255.255.255.255 = specific host (in this case 193.2.1.70)
192.168.0.5 = private IP of your web server

Next thing you need to do is create appropriate rules on your firewall for
your web server e.g.

Source    Destination         Coming Via    Services    Logging
Any       WebServer_Public    Any           http        Log

under services add any other services that run on the server and _don't_ put
in ANY!!!

If you need to surf from your web server then also open

Source              Destination    Coming Via    Services       Logging
WebServer_Public    Any            Any           http, https    Log

Next thing, open Network Address Translation and create rule like this:

Before NAT                                   After NAT
Source Address       Destination Address     Source Address      Destination Address
Any                  WebServer_Public        Any                 WebServer_Private
WebServer_Private    Any                     WebServer_Public    Any

This is about it. Again, I can't stress enough how important it is that you
understand your checkpoint firewall if you are going to use it...

Mike

"Jim" <anonymous@discussions.microsoft.com> wrote in message
news:29f6c01c4652d$b57cdf90$a301280a@phx.gbl...
> Ok I am setting up a webserver and putting it behind a
> firewall with a private address. I had this site
> working when I had my external address, now that I put it
> internal I am guessing I need to set up NAT through the
> Gateway(firewall). The question is a domain service has my
> top level DNS which has A, Cname, and MX records then
> comes the router, gateway(firewall), and internal domain
> with internal DNS. How do I get the webserver working is
> there something I have to do on the router to tell it to
> go to the gateway and look for that address, or I guess
> my question is how does the gateway know to pick up that
> IP and tell it to go to the internal IP.
>
> Sorry for the grammar and lack of DNS, firewall knowledge
>
> Thanks for the help
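
An added example, not part of the original posts and not Check Point tooling: a consistency check over the four pieces the reply configures (local.arp entry, host route, access rules, NAT rules). The tuple layouts and sample data are constructed for illustration from the addresses in the post; they are not a Check Point export format.

```python
import ipaddress
import re

# Constructed sample data using the example addresses from the post.
LOCAL_ARP = "193.2.1.70    00-08-02-F6-33-9D\n"
ROUTES = [("193.2.1.70", "255.255.255.255", "192.168.0.5")]  # dest, mask, gateway
NAT_RULES = [  # (orig_src, orig_dst, xlat_src, xlat_dst); hypothetical layout
    ("Any", "193.2.1.70", "Any", "192.168.0.5"),
    ("192.168.0.5", "Any", "193.2.1.70", "Any"),
]
ACCESS_RULES = [("Any", "193.2.1.70", ["http"])]  # src, dst, services
FW_EXTERNAL_MAC = "00-08-02-F6-33-9D"  # MAC of the firewall's public interface
MAC_RE = re.compile(r"([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}")

def parse_local_arp(text):
    """Return {ip: mac} from local.arp lines of the form '<ip> <mac>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        ip, mac = parts
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC for {ip}: {mac}")
        entries[ip] = mac.upper().replace(":", "-")
    return entries

def audit(local_arp, routes, nat_rules, access_rules, fw_mac):
    """Return a list of findings; an empty list means the four steps agree."""
    findings = []
    arp = parse_local_arp(local_arp)
    host_routes = {d: g for d, m, g in routes if m == "255.255.255.255"}
    for src, dst, _xsrc, xdst in nat_rules:
        if src != "Any" or dst == "Any":
            continue  # only inbound rules publish an address to the outside
        if arp.get(dst) != fw_mac.upper().replace(":", "-"):
            findings.append(f"{dst}: no local.arp entry with the firewall's external MAC")
        if host_routes.get(dst) != xdst:
            findings.append(f"{dst}: no host route to {xdst}")
        if not any(s == xdst and d == "Any" and xs == dst for s, d, xs, _ in nat_rules):
            findings.append(f"{dst}: no outbound NAT rule translating {xdst} to it")
    for src, dst, services in access_rules:
        if any(s.lower() == "any" for s in services):
            findings.append(f"rule {src} -> {dst}: service Any is allowed")
    return findings
```
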






