RE: [FW1] Static arp entries for NAT
If you have an init script with the proper routes then life is grand. Put something like this in /etc/init.d/_____ and link from run levels. Solaris will do arp magic all by itself. ie:

You will have major problems if the internal address doesn't line up with the internal gateway of the firewall. I take it there is a private address space lan on an interface to the firewall of the type 10.1.1.1/255.255.255.0 ? Then the host must have an address on the 10.1.1.0 class C. And the default gateway must be 10.1.1.1 which should also be the internal address of the firewall. Am I reading correctly that you want to run both private and public addresses on the same lan?

#!/bin/sh
#
case "$1" in
'start')
        # add NAT host routes - DANGER - changing these will break external access
        # some happy host:
        route add _EXTERNAL_IP_ADD_OF_HOST_ _INTERNAL_IP_ADDR_OF_HOST 1
        #The last 1 is a metric...
        ;;
'stop')
        echo " "
        ;;
*)
        echo "Usage: $0 { start | stop }"
        ;;
esac

Cheers,
Craig

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Didier Arenzana
Sent: Tuesday, October 17, 2000 9:07 AM
To: [email protected]; [email protected]
Subject: Re: [FW1] Static arp entries for NAT

Hi,

You need arp entries when you nat to an address on an existing network connected to one of your firewall's interfaces. These entries will be used when another machine on the network tries to talk with the nated address. It will send an arp request, and your firewall will answer it.

If you only NAT to non-existing networks, you don't need arp. You just need well-configured routes.

--- Brad Van Orden <[email protected]> wrote:
>
> Hello All,
>
> One of the docs on phoneboy's page talks about setting up static arp entries
> when doing NAT. Solaris only allows an ARP entry for a host that is directly
> attached to one of its networks. Since the NATed address is not really on
> any network, the OS won't let me add an ARP entry.
> Did I mis-read something, or is everyone getting this done somehow?
>
> Thanks,
>
> Brad Van Orden
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
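Added example, not part of the thread and not code from any of its authors: a shell helper that applies the rule Didier describes, where a NAT address inside a network directly connected to a firewall interface needs an ARP entry and any other NAT address only needs routes. The function names, the CONNECTED list and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a NAT address needs an
# ARP entry on the firewall or only a route, following the rule in the thread.
# All names and addresses here are constructed for illustration.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Octets must be plain decimal (no leading zeros).
ip_to_int() {
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_network ADDR NETWORK NETMASK -> succeeds if ADDR lies in NETWORK/NETMASK.
in_network() {
    _a=$(ip_to_int "$1")
    _n=$(ip_to_int "$2")
    _m=$(ip_to_int "$3")
    [ $(( $_a & $_m )) -eq $(( $_n & $_m )) ]
}

# nat_needs NAT_ADDR "NET/MASK NET/MASK ..." (the firewall's connected networks)
# Prints "arp NET" when NAT_ADDR sits on a connected network, so neighbours
# will ARP for it and the firewall must answer; prints "route" otherwise.
nat_needs() {
    _nat=$1
    for _entry in $2; do
        _net=${_entry%/*}
        _mask=${_entry#*/}
        if in_network "$_nat" "$_net" "$_mask"; then
            echo "arp $_net"
            return 0
        fi
    done
    echo "route"
}

# Constructed firewall: external 192.0.2.0/24, internal 10.1.1.0/24.
CONNECTED="192.0.2.0/255.255.255.0 10.1.1.0/255.255.255.0"
nat_needs 192.0.2.25 "$CONNECTED"     # NAT address on the external segment
nat_needs 198.51.100.25 "$CONNECTED"  # NAT address on no connected network
```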