NAT Not Always Applying

I'm having some strange result in an older Checkpoint firewall. I have an NAT rule to convert the destination IP on a public interface to a private IP. I have a corresponding route rule to get the incoming packet to the correct destination router interface.

What I see with a sniffer on the firewall is that about one of every 15 requests the NAT is not taking place. The packets are heading to the inbound router with the public IP address as the destination IP.

I tried rebooting but that did not fix it. What would cause this strange result?

Will

Will wrote:
: I'm having some strange result in an older Checkpoint firewall. I have an
: NAT rule to convert the destination IP on a public interface to a private
: IP. I have a corresponding route rule to get the incoming packet to the
: correct destination router interface.
:
: What I see with a sniffer on the firewall is that about one of every 15
: requests the NAT is not taking place. The packets are heading to the
: inbound router with the public IP address as the destination IP.

Will,

There used to be a bug in some very old version of CheckPoint Firewall-1 that would give this behaviour in certain circumstances. There was, however, a workaround for this (that I don't have handy here anymore). What version of Firewall-1 are you using?

Lars
