==============================================
nmap

    nmap -v -sR -P0 -T Aggressive -o nmap.out

==============================================
Checkpoint FW-1

Tail the live log without name resolution and filter it:

    fw log -ft -n | grep

------------------------------------
rulesets

Convert a *.W file to a *.pf file:

    fw gen rulebase_name.W > rulebase_name.pf

If you want to VIEW rules from the command line, I highly recommend you view the .pf file, not the .W file. The .pf file numbers all rules in the rulebase; the .W file does not. Also, the .pf file contains all global properties; the .W file does not.
------------------------------------
If you want to EDIT rules from the command line, I highly recommend you edit the .W file, and not the .pf file. The .pf file is overwritten every time you do a "fw load" or push a new rulebase. So, if you edit a .pf file and then push a new rulebase, the .pf file will be overwritten during the compile process and your changes will be lost. Editing the .W file saves the changes.
------------------------------------
debug

    fw load -d rulebase.W

------------------------------------
Convert the log into ASCII text (with the -n parameter, IP addresses are not resolved to names):

    fw logexport -i fw.log -o fwlog.txt -n

------------------------------------
typical order, rulebase

1. SecuRemote Encryption rules
2. FireWall to FireWall Encryption rules
3. Incoming "accept" rules
4. Outgoing "accept" rules
5. Client Authentication rules
6. Session Authentication rules
7. User Authentication rules
8. Clean-up rule
------------------------------------
==============================================
iptables

Forward HTTP requests arriving on port 8008 to port 80 of one of the internal boxes:

    iptables -t nat -A PREROUTING -p tcp --dport 8008 -j DNAT --to 192.168.xx.xx:80

?? iptables -A OUTPUT -t nat -p tcp -d 127.0.0.1 --dport 8080 -j DNAT --to 192.168.xx.xx:8080
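Rules are matched top-down and the clean-up rule drops whatever reaches it, so a rule placed after it is never hit. The following check is an added example, not part of the original notes: it takes a numbered rule list (as you would read it off a .pf file) tagged with the categories of the typical order above and reports out-of-order rules and a misplaced clean-up rule; the category names and the sample rulebase are constructed for illustration.

```python
# Added example: lint a FW-1 style rulebase against the typical rule order.
# Category names and SAMPLE_RULES are constructed, not taken from a real policy.

TYPICAL_ORDER = [
    "securemote_encrypt",   # 1. SecuRemote Encryption rules
    "fw_to_fw_encrypt",     # 2. FireWall to FireWall Encryption rules
    "incoming_accept",      # 3. Incoming "accept" rules
    "outgoing_accept",      # 4. Outgoing "accept" rules
    "client_auth",          # 5. Client Authentication rules
    "session_auth",         # 6. Session Authentication rules
    "user_auth",            # 7. User Authentication rules
    "cleanup",              # 8. Clean-up rule
]


def check_rule_order(rules):
    """rules: list of (rule_number, category) in rulebase order.
    Returns a list of problem strings; an empty list means the order is fine."""
    problems = []
    rank = {name: i for i, name in enumerate(TYPICAL_ORDER)}
    highest_seen = -1
    for number, category in rules:
        if category not in rank:
            problems.append(f"rule {number}: unknown category '{category}'")
            continue
        # A rule whose stage is earlier than one already seen is out of order.
        if rank[category] < highest_seen:
            problems.append(f"rule {number}: '{category}' appears after a later-stage rule")
        highest_seen = max(highest_seen, rank[category])
    # The clean-up rule must be last; anything after it is unreachable.
    if not rules or rules[-1][1] != "cleanup":
        problems.append("rulebase does not end with a clean-up rule")
    if sum(1 for _, c in rules if c == "cleanup") > 1:
        problems.append("more than one clean-up rule")
    return problems


# Constructed sample: the clean-up rule sits above a user-authentication rule.
SAMPLE_RULES = [
    (1, "securemote_encrypt"),
    (2, "incoming_accept"),
    (3, "client_auth"),
    (4, "cleanup"),
    (5, "user_auth"),
]

if __name__ == "__main__":
    for problem in check_rule_order(SAMPLE_RULES):
        print(problem)
```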