

Firewall, NAT, Router... something is blocking me

Posted on 2003-03-19
Medium Priority
Last Modified: 2013-11-16

I have a little problem when I want to NAT a webserver.

Current configuration :

Webserver with <web public IP> gateway : <public IP of my Firewall>  ==> everything's working fine, but unprotected.

New configuration :

Webserver with <192.168.*.*> NAT to <web public IP> gateway <private IP of DMZ> : nothing's going in nor out


Webserver with <192.168.*.*> NAT to <another public IP of our range> gateway <private IP of DMZ> : everything's working perfect !

Problem :

I can't change my DNS to point to new public IP because of same problem on ftp server that is configured on all the workshops of my company. Changing DNS is not a solution !

Where can that be blocked then ???

Please help :-)

Question by:Tessai

Expert Comment

ID: 8167905
Ok need to clear things up a little first. An ASCII diagram, or better worded description of the environment you would LIKE to implement would be much appreciated.

Also, if you could specify the products being used.

Author Comment

ID: 8168186

I have a firewall, a LAN and a DMZ

In my LAN, I have all the workstations of my LAN working fine,
In my DMZ I have nothing up to now, except a PCtest with FTP and WWW running on it and accessible from the internet, so the DMZ is working fine,

On my firewall, a FW1 Checkpoint, 3 NIC's, 1 for my LAN, 1 for my DMZ and 1 connected to a switch, a RJ45 goes to my cisco router.

Internet == router == switch ==> FW1 and up to now webserver, ftpserver, mailserver

What I would like to do is :

Internet == router == switch == FW1
FW1 linked to LAN and DMZ

What I did :

Set webserver with public IP (ie. to private IP behind DMZ (ie 192.168.1.*), so the webserver has now 192.168.1.* and NAT to its prior public IP. ==> not working

If I set the webserver on another public IP (ie., it's working fine...

Why ??

Hope it's well explained....

Accepted Solution

karrik earned 500 total points
ID: 8171990
I had a similar problem last year and it turned out that a Cisco router "remembered" that the old MAC address belonged to the public IP and it never allowed the new NAT:ted MAC address for the service.

Power cycling the Cisco after I NAT:ted the server solved my problem.

You can easily see if this is the case by running tcpdump or a similar program on your setup.
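Added example (not part of the thread or of karrik's answer): one way to run the tcpdump check described above is to capture with `tcpdump -e -n` on the segment between the router and the firewall and see which destination MAC the router puts on frames for the NATed public IP. The capture lines, IP addresses and MAC addresses below are constructed documentation values, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -e -n` text output (documentation addresses).
# 00:00:5e:00:53:01 = router, :aa = web server's old NIC, :f1 = firewall outside NIC.
SAMPLE = """\
12:00:01.000100 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 74: 198.51.100.7.51234 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000100 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), length 74: 198.51.100.7.51234 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:03.000100 00:00:5e:00:53:01 > 00:00:5e:00:53:f1, ethertype IPv4 (0x0800), length 74: 198.51.100.9.40000 > 203.0.113.20.80: Flags [S], seq 9, win 64240, length 0
"""

# Link-level header printed by -e, followed by "src_ip.port > dst_ip.port:".
FRAME = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype IPv4 "
    r"\(0x0800\), length \d+: (?P<sip>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.\d+:",
    re.IGNORECASE,
)


def dst_macs_for_ip(capture, ip):
    """Count the destination MACs on frames whose IP destination is `ip`."""
    macs = Counter()
    for line in capture.splitlines():
        m = FRAME.match(line)
        if m and m.group("dip") == ip:
            macs[m.group("dst").lower()] += 1
    return macs


def stale_macs(capture, ip, expected_mac):
    """MACs other than `expected_mac` that frames for `ip` are addressed to."""
    seen = dst_macs_for_ip(capture, ip)
    return sorted(mac for mac in seen if mac != expected_mac.lower())


if __name__ == "__main__":
    fw_outside = "00:00:5e:00:53:f1"  # constructed firewall MAC
    for ip in ("203.0.113.10", "203.0.113.20"):
        bad = stale_macs(SAMPLE, ip, fw_outside)
        print(ip, "stale router ARP entry ->" if bad else "ok", ", ".join(bad))
```

A non-empty result for the old public IP, alongside an empty one for the other address in the range, matches the symptom in the question: the router is still sending that IP's traffic to the server's old MAC instead of the firewall.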

Author Comment

ID: 8173443
YEAH !!! That was it !!!!

Thanks for your help !

Question has a verified solution.
