Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Firewall & Router NAT

  • 09-07-2004 12:10pm
    #1
    Closed Accounts Posts: 216 ✭✭


    Hey all,

    Looking for some help with a networking problem. I have an ADSL router (D-Link 502-T) and a firewall (CheckPoint Sofware SBox-100). The router is used just to dial-up, but it is able to implement NAT and firewall. The firewall hadles all. However, as it's setup, I cant get access to a select few sites (bankingonline, hotmail incl MSN Messagener, irishrail.ie, etc). I can solve this by switching NAT on on the router but that disturbs my VPNs and the like as it sets my IP as -.-.-.33. I need to solve this problem, but still keep my current IP address -.-.-.34 (assigned to the firewall)

    Anyone got an idea of how to solve this?


Comments

  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    Please don't post on several forums.
    In relation to your question, why can't you access those particular websites ? What do the firewall logs say ? Why can't you enable nat on the firewall ?

    Gav


  • Closed Accounts Posts: 216 ✭✭gogul


    Sorry bout that Verb.

    The NAT is enabled on the firewall. Its the router that wont allow the connections through, but the logging on the D-Link 502-T is pretty much non-exsistant.

    I used to have a Zyxel Prestige 600, but that was taken by the old staff here. That worked just as a dial-up. It would just forward eveything on to the firewall, where that would handle the routing. This new D-Link, seems to have taken some security issues into its own hands

    have u ever used a D-Link or come across thios kinda problem before?


  • Closed Accounts Posts: 6,143 ✭✭✭spongebob


    Is it

    1 on 1 NAT

    or

    Hide address NAT

    on the firewall.

    M


  • Closed Accounts Posts: 394 ✭✭Batbat


    Do all your cleint PC have public IPs also? or are you NATing through the checkpoint firewall,.


  • Closed Accounts Posts: 216 ✭✭gogul


    Muck - It's Hide Nat
    Batbat - all the machines have private addresses.


  • Advertisement
  • Closed Accounts Posts: 6,143 ✭✭✭spongebob


    open all ports outbound on the Checkpoint and see what happens. The Nat MUST be working if ye are all getting mail web access so its not the NAT per se.

    Bankonline needs 443 open (SSL)

    Dunno about the IM clients

    M


  • Closed Accounts Posts: 216 ✭✭gogul


    Ok, I've opened all ports outbound and setup access for ports 443(SSL) and 1863(MSN) inbound. Still no joy. I'm not getting any warnings from the firewall. Just to ensure the rules were running, I blocked 443 and was able to see the firewall in action.

    The only thing I can assume is that it's the router, but the logging is terrible, so I cant see if anything is being blocked. Even so, all the router is setup to do is dial-up.


  • Closed Accounts Posts: 394 ✭✭Batbat


    you dont need the checkpoint firewall, just enable the firewall and NAT ON the DSL router, NAT will protect you from most / all incomming attacks anyway, but enable the firewall on the router anyway, you dont need the checkpoint


  • Registered Users, Registered Users 2 Posts: 379 ✭✭jim_bob


    on the firewall check to see if the following are open from the internet to your local network if not open them

    bootp_client (udp:68) & ike (udp:500)


  • Closed Accounts Posts: 394 ✭✭Batbat


    on the firewall check to see if the following are open from the internet to your local network if not open them

    bootp_client (udp:68) & ike (udp:500)

    Seeing as he has VPNs setup using checkpoint I would imagine these ports are open on it in addition to the usual GRE ports.


  • Advertisement
  • Closed Accounts Posts: 216 ✭✭gogul


    yeah I've though about getting rid of the firewall..but only as a last resort. I dont think our current router can handle VPN by itself. Something I'll have to look into

    Cheers


  • Closed Accounts Posts: 55 ✭✭sax0000


    Originally posted by gogul
    yeah I've though about getting rid of the firewall..but only as a last resort. I dont think our current router can handle VPN by itself. Something I'll have to look into

    Cheers

    Why not get everything you need in one box? Makes life simpler!

    I use an inexpensive SnapGear soho firewall appliance which combines the firewall, NAT and vpn functionality in one package. VPN setup is a two minute job – ie entering user IDs and passwords. You can use a vpn connection to change the box’s set-up from a remote location. No special vpn client software required – runs with Windows XP and 2000 and probably other versions. While it has a simple web based user interface, it allows you to get under the hood and tinker around with the Linux set-up on which it runs if you need to do something non-standard.

    Sax0000


Advertisement