Need Help on Checkpoint Firewall NAT

I am configuring two machines

ComputerA - Checkpoint Firewall installed here

222.*.*.* 10.1.1.1

ComputerB

10.1.1.2

I am setting 10.1.1.2 with Static NAT and hiding it behind 222.*.*.*

I am trying to use ComputerB to perform regular web browsing but it does not work. I am able to ping from ComputerB to 222.*.*.*.

Any idea? Do I need to set up a DNS server for this?

The only rule I set is from ComputerB to Any, HTTP, Accept. I am trying Hide mode and it did not work either.

Reply to
tsaolimkei

Without functioning DNS, the Internet is not much fun.

You need some rules that allow the internal machine(s) to resolve host names. This can be done by running your own (caching-only) DNS server, which must be allowed to contact external DNS servers, or by allowing the internal machines to contact external DNS servers.

The general approach to all firewalling/filtering is:

- Sit down with a piece of paper

- make up your mind about the policy by writing it down in a table looking something like:

source   destination   service   port/protocol   allow   log
-------------------------------------------------------------
LAN      any           http      80/tcp          y       n
LAN      any           https     443/tcp         y       n
LAN      ISP DNS       DNS       53/udp          y       n
LAN      ISP MTA       smtp      25/tcp          y       n
....     ...           ....      ...             y       n
any      any           any       any             n       y

After that, implement that ruleset on your filtering machine (whatever you use). If something is not working, it will for sure be caught by the last rule (deny everything) and show up in the logfile. Watch the logfile and maybe allow additional connections according to your requirements.

Wolfgang

Reply to
Wolfgang Kueter
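The policy table from the reply above, evaluated first-match against the asker's HTTP-only rule base, to show which traffic lands on the final deny-and-log rule. This is an added example, not code from the thread or from Check Point; it models only the filter rules, not NAT, and the /24 mask, the ISP server addresses and the sample flows are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Address objects. The 10.1.1.0/24 mask and both ISP addresses are assumed
# placeholders (192.0.2.0/24 is a documentation range), not from the thread.
OBJECTS = {
    "LAN": "10.1.1.0/24",
    "ISP DNS": "192.0.2.53/32",
    "ISP MTA": "192.0.2.25/32",
    "any": "0.0.0.0/0",
}

# (source, destination, port, protocol, allow, log); None means "any"
POLICY = [
    ("LAN", "any", 80, "tcp", True, False),
    ("LAN", "any", 443, "tcp", True, False),
    ("LAN", "ISP DNS", 53, "udp", True, False),
    ("LAN", "ISP MTA", 25, "tcp", True, False),
    ("any", "any", None, None, False, True),
]
# The asker's rule base: HTTP only, plus the same deny-and-log last rule
HTTP_ONLY = [POLICY[0], POLICY[-1]]

def in_obj(ip, name):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(OBJECTS[name])

def evaluate(rules, src, dst, port, proto):
    """First matching rule wins. Returns (rule_number, allowed, logged)."""
    for n, (s, d, p, pr, allow, log) in enumerate(rules, 1):
        if in_obj(src, s) and in_obj(dst, d) and p in (None, port) and pr in (None, proto):
            return n, allow, log
    return None, False, True  # nothing matched: treat as dropped and logged

def dropped_services(rules, flows):
    """Count logged drops per (port, proto): the 'watch the logfile' step."""
    hits = Counter()
    for src, dst, port, proto in flows:
        _, allow, log = evaluate(rules, src, dst, port, proto)
        if not allow and log:
            hits[(port, proto)] += 1
    return hits

# Constructed traffic from ComputerB (10.1.1.2): two lookups, then page loads
FLOWS = [
    ("10.1.1.2", "192.0.2.53", 53, "udp"),
    ("10.1.1.2", "192.0.2.53", 53, "udp"),
    ("10.1.1.2", "198.51.100.10", 80, "tcp"),
    ("10.1.1.2", "198.51.100.10", 443, "tcp"),
]

if __name__ == "__main__":
    print("HTTP-only rule base drops:", dict(dropped_services(HTTP_ONLY, FLOWS)))
    print("Full table drops:", dict(dropped_services(POLICY, FLOWS)))
```

With the HTTP-only rule base the DNS queries are the first thing to show up as logged drops, which is the symptom in the question; with the full table, DNS is allowed only to the ISP resolver and anything else still falls through to the last rule.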
