
RE: [FW1] Static arp entries for NAT



If you have an init script with the proper routes then life is grand. Put
something like this in /etc/init.d/_____ and link from run levels. Solaris
will do ARP magic all by itself, i.e.:

You will have major problems if the internal address doesn't line up with
the internal gateway of the firewall. I take it there is a private address
space LAN on an interface to the firewall of the type 10.1.1.1/255.255.255.0?
Then the host must have an address on the 10.1.1.0 class C. And the
default gateway must be 10.1.1.1, which should also be the internal address
of the firewall. Am I reading correctly that you want to run both private
and public addresses on the same LAN?

#!/bin/sh
#

case "$1" in

'start')
 # add NAT host routes - DANGER - changing these will break external access
 # some happy host:
 route add  _EXTERNAL_IP_ADD_OF_HOST_  _INTERNAL_IP_ADDR_OF_HOST 1
 #The last 1 is a metric...

 ;;

'stop')
 echo " "
 ;;

*)
 echo "Usage: $0 { start | stop }"
 ;;

esac

Cheers,
Craig

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Didier Arenzana
Sent: Tuesday, October 17, 2000 9:07 AM
To: [email protected]; [email protected]
Subject: Re: [FW1] Static arp entries for NAT



Hi,

You need ARP entries when you NAT to an address on an existing network
connected to one of your firewall's interfaces.
These entries will be used when another machine on the network tries to
talk with the NATed address. It will send an ARP request, and your
firewall will answer it.

If you only NAT to non-existing networks, you don't need ARP. You just
need well-configured routes.

--- Brad Van Orden <[email protected]> wrote:
>
> Hello All,
>
> One of the docs on phoneboy's page talks about setting up static arp
> entries when doing NAT.  Solaris only allows an ARP entry for a host
> that is directly attached to one of its networks.  Since the NATed
> address is not really on any network, the OS won't let me add an ARP
> entry.  Did I mis-read something, or is everyone getting this done
> somehow?
>
> Thanks,
>
> Brad Van Orden
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


----------------------------------
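
Added example, not part of the thread: a small planner that applies the rule discussed above (a published ARP entry only when the NAT address lies on a network attached to the firewall, otherwise routes alone) and prints the matching commands. The interface names, addresses and MACs are constructed placeholders; the `route add` form is the one from the init script, and `arp -s <ip> <mac> pub` is the standard published-entry syntax, which the thread itself does not show.

```python
import ipaddress

# Constructed sample data: interface names, addresses and MACs are placeholders.
INTERFACES = {
    "hme0": ("192.0.2.1/24", "08:00:20:aa:bb:01"),   # external side
    "hme1": ("10.1.1.1/24", "08:00:20:aa:bb:02"),    # internal side
}
NAT_PAIRS = [
    ("192.0.2.10", "10.1.1.10"),     # NAT address on an attached network
    ("198.51.100.10", "10.1.1.11"),  # NAT address on a network that exists nowhere
]

def plan_nat(interfaces, nat_pairs):
    """Return [(external_ip, arp_interface_or_None, [commands])] per NAT pair."""
    ifaces = {n: (ipaddress.ip_interface(c), mac) for n, (c, mac) in interfaces.items()}
    plan = []
    for ext, inside in nat_pairs:
        ext_ip, in_ip = ipaddress.ip_address(ext), ipaddress.ip_address(inside)
        # The host route uses the internal host as next hop, so it has to be
        # on a network directly attached to the firewall.
        if not any(in_ip in i.network for i, _ in ifaces.values()):
            raise ValueError(f"{inside} is not on an attached network")
        cmds = [f"route add {ext} {inside} 1"]   # form used in the init script
        arp_if = None
        for name, (iface, mac) in ifaces.items():
            if ext_ip not in iface.network:
                continue
            if ext_ip in (iface.ip, iface.network.network_address,
                          iface.network.broadcast_address):
                raise ValueError(f"{ext} cannot be used as a NAT address on {name}")
            # Neighbours will ARP for this address; publish it with the
            # firewall's own MAC so the firewall answers.
            arp_if = name
            cmds.append(f"arp -s {ext} {mac} pub")
        plan.append((ext, arp_if, cmds))
    return plan

if __name__ == "__main__":
    for ext, arp_if, cmds in plan_nat(INTERFACES, NAT_PAIRS):
        print(f"# {ext}: " + (f"proxy ARP on {arp_if}" if arp_if else "route only"))
        print("\n".join(cmds))
```

For the route-only case the upstream router still needs a route for the NAT address pointing at the firewall, since nothing will answer ARP for it.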

   All contents © 2004 Network Presence, LLC. All rights reserved.