Checkpoint firewall or Routing Problem?
Posted on 2004-10-15
I have a Checkpoint firewall running on top of a SUN server. What I'm trying to do seems as though it should be really easy but I'm fairly new to both UNIX and Checkpoint so I can't see my mistake. Here are the details:
1) I have a web server on my DMZ network.
2) I created two network objects: one for the external address of the web server (I called it Webserver-X) and one object that is the internal address with a static mapping to one of our outside addresses (I called the object Webserver).
3) I've installed a rule in Checkpoint that says:
SOURCE    DESTINATION    SERVICE
Any       Webserver-X    tcp http
4) Next I add the route and bind to our outside address (I've changed the IP and HW addresses shown here to some random address).
route add 220.127.116.11 10.10.1.26
arp -s 18.104.22.168 09:00:20:ce:be:91 pub
Internally the page works fine. When I try to connect from outside our network, I get the error "page cannot be displayed". However, when I view the firewall log, I can see that my connection to Webserver-X was "accepted": the Source was some external address that I was testing from and the Destination was Webserver-X.
So I can't see why the page is not displayed. It's like the Firewall software is okay with the connection but I've done something wrong on the underlying UNIX part... can anyone point me in the right direction???