
[FW-1] Hiding NAT with Proxy ARP



Hi,

I'm sure most of the guys on this list know that it's possible to use a
different IP address than the Firewall-IP address for Hiding NAT:

        10.1.1.0/24
        --------------
                |
                | Hiding-NAT for
                | 192.168.0.0/24 & 192.168.1.0/24: 10.1.1.2
                |
                |10.1.1.1
         /-------------\                                 192.168.1.0/24
        |       FW      |-------------------------------------------------
         \-------------/
                |192.168.0.1
                |
        -------------------
        192.168.0.0/24


This works fine on Solaris. Last week I noticed that this scenario does not work any more on SecurePlatform AI ClusterXL (New Mode HA Broadcast).

Started some debugs and found out that the active machine does not answer
the arp-requests for the address 10.1.1.2. Double checked the arp entry on
the machine (created with arp -s 10.1.1.2 <HW-Address> pub).

After some searches through the lists I found out that a route to the
destination is necessary to get this working,
e.g. route add -host 10.1.1.2 gw <destination>

Hmm...

How to set this route in the network-topo shown above? There is no clear
destination...

I've tried to set an interface-route: route add -host 10.1.1.2 dev eth0
This seems to work but I'm sure this is not the official solution for this.

Does anyone have this kind of config up and running? Thanks for any hints.

Greetz,
Markus

--
Markus Hofbauer, IT-Service / Security
Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria
phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4
e-mail: [email protected] | web: www.bacher.at
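
An added example, not part of the original message: a Python check for the two conditions the message describes on a Linux-based gateway, a published ARP entry for the Hiding-NAT address and a host route to it. It runs over constructed samples in the /proc/net/arp and /proc/net/route layouts; the function names, the sample tables and the use of eth0 are assumptions.

```python
import socket
import struct

ATF_PUBL = 0x08          # "published" (proxy ARP) flag in /proc/net/arp
HOST_UP = 0x01 | 0x04    # RTF_UP | RTF_HOST in /proc/net/route

# Constructed samples (not captured from a real gateway); eth0 is assumed.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.1.1.2         0x1         0xc         00:00:00:00:00:00     *        eth0
10.1.1.254       0x1         0x2         02:00:00:aa:bb:cc     *        eth0
"""
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t0001010A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t0201010A\t00000000\t0005\t0\t0\t0\tFFFFFFFF\t0\t0\t0\n"
)

def hex_to_ip(field):
    """Decode a /proc/net/route address field (little-endian hex, as on x86)."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))

def published_on(arp_text, ip):
    """Devices holding a published (arp -s ... pub) entry for ip."""
    devs = []
    for cols in (line.split() for line in arp_text.splitlines()[1:]):
        # Skip the header row; column 2 is the flags field, column 5 the device.
        if len(cols) >= 6 and cols[0] == ip and int(cols[2], 16) & ATF_PUBL:
            devs.append(cols[5])
    return devs

def host_route_via(route_text, ip):
    """Interfaces carrying an up host route (mask 255.255.255.255) to ip."""
    devs = []
    for cols in (line.split() for line in route_text.splitlines()[1:]):
        if len(cols) < 8 or hex_to_ip(cols[1]) != ip:
            continue
        if int(cols[3], 16) & HOST_UP == HOST_UP and cols[7].upper() == "FFFFFFFF":
            devs.append(cols[0])
    return devs

def check_hide_nat_ip(ip, arp_text, route_text):
    """Report whether both conditions from the message are present for ip."""
    pub, routes = published_on(arp_text, ip), host_route_via(route_text, ip)
    return {"published_on": pub, "host_route_via": routes, "ok": bool(pub and routes)}

if __name__ == "__main__":
    print(check_hide_nat_ip("10.1.1.2", SAMPLE_ARP, SAMPLE_ROUTE))
```

On a live gateway the two text arguments would be the contents of /proc/net/arp and /proc/net/route.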



   All contents © 2004 Network Presence, LLC. All rights reserved.