[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Hiding NAT with Proxy ARP
Hi, I'm sure most of the guy's on this list know that it's possible to use a differtent IP address than the Firewall-IP address for Hiding NAT: 10.1.1.0/24 -------------- | | Hiding-NAT for | 192.168.0.0/24 & 192.168.1.0/24: 10.1.1.2 | |10.1.1.1 /-------------\ 192.168.1.0/24 | FW |------------------------------------------------- \-------------/ |192.168.0.1 | ------------------- 192.168.0.0/24
Started some debugs and found out that the active machine does not answer the arp-requests for the address 10.1.1.2. Double checked the arp entry on the machine (created with arp -s 10.1.1.2 <HW-Address> pub). After some searches through the lists I found out that a route to the destination is necesary to get this working. e.g. route add -host 10.1.1.2 gw <destination> Hmm... How to set this route in the network-topo shown above? There is no clear destination... I've tried to set an interface-route: route add -host 10.1.1.2 dev eth0 This seems to work but I'm sure this is not the official solution for this. Has anyone this kind of config up and running? Thanks for any hints. Greetz, Markus -- Markus Hofbauer, IT-Service / Security Bacher Systems EDV GmbH, Wienerbergstr. 11B, A-1101 Wien, Austria phone: +43 (1) 60 126-34 | fax: +43 (1) 60 126-4 e-mail: [email protected] | web: www.bacher.at ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|