Firewall-1: Can Internal Hosts Share One Public IP With Static and Hidden NAT?

Posted by Will on April 17, 2008, 2:34 am
We have two mail servers: one for incoming mail and one for outgoing, and
both are behind Firewall-1. I want them to be seen on the Internet as a
single IP address. Can I have a single common public address that exists
both in a static and hidden translation rule at the same time?

I would configure the incoming mail server with a static rule, so that
incoming packets to that public IP get directed by the firewall to the
incoming mail server. I would configure the outgoing mail server with a
hidden automatic NAT rule that points to the same public IP, so that
outgoing packets from that mail server get NAT'd to the common public IP.

I know this works for more than one host to share one public IP using hidden
translation, but I don't know yet if it would work with a single public IP
using both a static and hidden rule. Any advice on this is appreciated.

--
Will





Posted by on April 19, 2008, 8:17 pm
: We have two mail servers: one for incoming mail and one for outgoing, and
: both are behind Firewall-1. I want them to be seen on the Internet as a
: single IP address. Can I have a single common public address that exists
: both in a static and hidden translation rule at the same time?

Try using a normal automatic static setup for the inbound connection and set up a
manual rule with a hide rule for the outbound connection.

Lars
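
Added example, not part of the original posts and not Check Point code: a generic Python model of why one public address can sit in both a static rule and a hide rule. Replies to hidden outbound connections are matched in the state table first, and anything else arriving at the address follows the static mapping. All addresses and names are constructed.

```python
# Generic stateful-NAT model; not Check Point code. All addresses are constructed
# (RFC 5737 documentation ranges for the public side).
PUBLIC = "203.0.113.25"   # shared public IP
MX_IN = "10.0.0.10"       # incoming mail server (static rule)
MX_OUT = "10.0.0.11"      # outgoing mail server (hide rule)


class Nat:
    def __init__(self):
        self.state = {}          # (remote_ip, remote_port, public_port) -> (inside_ip, inside_port)
        self.next_port = 10000   # hide NAT hands out source ports from here

    def outbound(self, src, sport, dst, dport):
        """Translate a packet leaving the inside network."""
        if src == MX_OUT:                      # hide rule: rewrite source IP and port
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.state[(dst, dport, pub_port)] = (src, sport)
            return (PUBLIC, pub_port, dst, dport)
        if src == MX_IN:                       # static rule: rewrite source IP only
            return (PUBLIC, sport, dst, dport)
        return (src, sport, dst, dport)        # no NAT rule matches

    def inbound(self, src, sport, dst, dport):
        """Translate a packet arriving from the Internet."""
        if dst != PUBLIC:
            return (src, sport, dst, dport)
        hit = self.state.get((src, sport, dport))
        if hit:                                # reply to a hidden connection
            return (src, sport, hit[0], hit[1])
        return (src, sport, MX_IN, dport)      # anything else follows the static rule


def demo():
    nat = Nat()
    remote = "198.51.100.7"                    # constructed remote MTA
    new_in = nat.inbound(remote, 40000, PUBLIC, 25)    # new inbound SMTP session
    sent = nat.outbound(MX_OUT, 33000, remote, 25)     # outbound mail delivery
    reply = nat.inbound(remote, 25, PUBLIC, sent[1])   # reply to that delivery
    return new_in, sent, reply


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model the static mapping covers every port on the public address, so the access rules, not NAT, are what limit the incoming server's exposure to SMTP.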

Posted by Wayne on April 20, 2008, 7:20 am
Look up "smtp security server" in the help files, you'll need that to get the
incoming mail traffic working. If you're not sure, check CD2 and the \Docs
directory.

Wayne McGlinn
Brisbane, Oz

> We have two mail servers: one for incoming mail and one for outgoing, and
> both are behind Firewall-1. I want them to be seen on the Internet as a
> single IP address. Can I have a single common public address that
> exists both in a static and hidden translation rule at the same time?
>
> I would configure the incoming mail server with a static rule, so that
> incoming packets to that public IP get directed by the firewall to the
> incoming mail server. I would configure the outgoing mail server with a
> hidden automatic NAT rule that points to the same public IP, so that
> outgoing packets from that mail server get NAT'd to the common public IP.
>
> I know this works for more than one host to share one public IP using
> hidden translation, but I don't know yet if it would work with a single
> public IP using both a static and hidden rule. Any advice on this is
> appreciated.
>
> --
> Will


Posted by on May 13, 2008, 4:46 am
: Look up "smtp security server" in the help files, you'll need that to get the
: incoming mail traffic working. If you're not sure, check CD2 and the \Docs
: directory.

I guess the reason he wants to do this is because he wants to put an
extra email filtering box in the mail flow? He didn't specify, but it's
a very common thing to do now. The SMTP Security Server used to be very
widely used a few years ago. As the years passed, the spam problem
increased while the SMTP Security Server remained unchanged.

You can still use the SMTP Security Server in front of your spam
filtering server, but you'll lose potential functionality such as
delaying (also known as greylisting), DNSBL, HELO blacklisting, and you
won't be able to block emails at the SMTP level, which would keep your
systems from sending faulty NDRs.

Lars
