Gedächtnisstützen IT

Firewall

Checkpoint FW-1 local.arp

Use local.arp entries if you are doing manual NAT, or if the automatically NATed objects lie outside the external network.

Check Global Properties -> NAT -> Merge manual proxy ARP configuration; this option must be active.

The file local.arp is located in the directory $FWDIR/conf:

# vi $FWDIR/conf/local.arp

Find the MAC address of the external interface:

# ifconfig ethx | grep -e Link -e inet
ethx      Link encap:Ethernet  HWaddr AA:BB:CC:DD:EE:FF
          inet addr:192.168.6.3  Bcast:192.168.6.31  Mask:255.255.255.224

Replace ethx with the appropriate interface, e.g. eth1.
Make an entry in the file $FWDIR/conf/local.arp (NATed IP, MAC of the external interface, IP of the external interface):

10.58.252.18     AA:BB:CC:DD:EE:FF    192.168.6.3   # comment

  • create an object for 10.58.252.18
  • create the NAT rules (static rules, or automatic NAT in the object)
  • push the policy

On the firewall node, execute the following command:

fw ctl arp
servername_if_dns_is_set (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3

Every time you edit a local.arp entry, you have to push the policy and check the entry with the fw ctl arp command again.
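A typo in a local.arp line (a MAC that does not belong to the external interface, a mistyped IP) only shows up as a NATed host that is silently unreachable after the policy push. The following is an added example, not part of the original post or any Check Point tool: it parses local.arp lines in the format shown above, checks each entry against the MAC and IP of the external interface (taken from ifconfig output in the same form as above), and then cross-checks the entries against fw ctl arp output to confirm they were actually loaded after the push. All inputs are constructed samples embedded in the script; the interface name eth1, the host name webserver and the extra entries are assumptions.

```python
"""Validate Check Point local.arp entries against the external interface
and cross-check them with `fw ctl arp` output (added example, constructed data)."""
import ipaddress
import re

# Constructed sample: old-style ifconfig output for the external interface.
SAMPLE_IFCONFIG = """\
eth1      Link encap:Ethernet  HWaddr AA:BB:CC:DD:EE:FF
          inet addr:192.168.6.3  Bcast:192.168.6.31  Mask:255.255.255.224
"""

# Constructed sample local.arp: one good entry and two deliberate mistakes.
SAMPLE_LOCAL_ARP = """\
# proxy ARP entries for manual NAT
10.58.252.18     AA:BB:CC:DD:EE:FF    192.168.6.3   # web server
10.58.252.19     AA:BB:CC:DD:EE:00    192.168.6.3   # wrong MAC (typo)
10.58.252.300    AA:BB:CC:DD:EE:FF    192.168.6.3   # invalid IP
"""

# Constructed sample `fw ctl arp` output: only the good entry was loaded.
SAMPLE_FW_CTL_ARP = """\
webserver (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3
"""

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def normalize_mac(mac):
    """Lower-case, dash-separated form so AA:BB:... and aa-bb-... compare equal
    (ifconfig prints colons, fw ctl arp prints dashes)."""
    return mac.lower().replace(":", "-")


def parse_ifconfig(text):
    """Return (normalized MAC, IPv4 address) of the interface from ifconfig output."""
    mac = re.search(r"HWaddr\s+(\S+)", text).group(1)
    ip = re.search(r"inet addr:(\S+)", text).group(1)
    return normalize_mac(mac), ip


def parse_local_arp(text):
    """Parse local.arp into (nated_ip, mac, interface_ip) tuples; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed local.arp line: {line!r}")
        entries.append((fields[0], fields[1], fields[2]))
    return entries


def validate_entries(entries, iface_mac, iface_ip):
    """Return (ip, problem) pairs; an empty list means every entry is consistent with the interface."""
    problems = []
    for ip, mac, gw in entries:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append((ip, "invalid IP address"))
            continue
        if not MAC_RE.match(mac):
            problems.append((ip, "malformed MAC"))
        elif normalize_mac(mac) != iface_mac:
            problems.append((ip, "MAC does not match external interface"))
        if gw != iface_ip:
            problems.append((ip, "interface address does not match external interface"))
    return problems


def parse_fw_ctl_arp(text):
    """Parse `fw ctl arp` lines into {nated_ip: (normalized MAC, interface_ip)}."""
    pat = re.compile(r"\((\S+)\)\s+at\s+(\S+)\s+interface\s+(\S+)")
    return {m.group(1): (normalize_mac(m.group(2)), m.group(3)) for m in pat.finditer(text)}


def missing_after_push(entries, fw_ctl_text):
    """NATed IPs present in local.arp but not reported by `fw ctl arp`
    (policy not pushed yet, or the entry was rejected)."""
    loaded = parse_fw_ctl_arp(fw_ctl_text)
    return [ip for ip, _, _ in entries if ip not in loaded]


if __name__ == "__main__":
    mac, ip = parse_ifconfig(SAMPLE_IFCONFIG)
    entries = parse_local_arp(SAMPLE_LOCAL_ARP)
    for bad_ip, why in validate_entries(entries, mac, ip):
        print(f"{bad_ip}: {why}")
    print("not loaded:", missing_after_push(entries, SAMPLE_FW_CTL_ARP))
```

Run it on the firewall by replacing the three constructed samples with the real output of ifconfig, the contents of $FWDIR/conf/local.arp and the output of fw ctl arp; any entry listed under "not loaded" after a policy push is the one to look at.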
