Use local.arp entries if you’re doing manual NAT or if the automatically NATed objects are outside the external network.

Check Global Properties -> NAT -> Merge manual proxy ARP configuration; this option should be active.

The file local.arp is located in the directory $FWDIR/conf:

# vi $FWDIR/conf/local.arp

Find the MAC-address of the external interface:

# ifconfig ethx | grep -e Link -e inet
ethx      Link encap:Ethernet  HWaddr AA:BB:CC:DD:EE:FF
          inet addr:  Bcast:  Mask:

Set ethx to the appropriate interface, e.g. eth1.
Make an entry in the file $FWDIR/conf/local.arp:     AA:BB:CC:DD:EE:FF   # comment
  • create an object for
  • create NAT-Rules (static or in object)
  • push the policy

On the firewall-node execute the following command:

fw ctl arp
servername_if_dns_is_set ( at aa-bb-cc-dd-ee-ff interface

Every time you edit a local.arp entry, you have to push the policy and check the entry with the fw ctl arp command again.
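To repeat that check after each policy push, the following added example (not part of the original post and not Check Point tooling) lints a local.arp file and lists entries that are missing from saved `fw ctl arp` output. It assumes each entry is an IPv4 address followed by the interface MAC and that `fw ctl arp` prints the address in parentheses before `at`; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not Check Point tooling; all sample data is constructed.

# lint_local_arp FILE IFACE_MAC: flag malformed, foreign-MAC and duplicate entries.
lint_local_arp() {
    awk -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        { sub(/#.*/, "") }                       # strip trailing comments
        NF == 0 { next }                         # skip blank lines
        NF != 2 { printf "line %d: expected IP and MAC\n", NR; bad = 1; next }
        {
            ok = (split($1, o, ".") == 4)
            for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { printf "line %d: bad IPv4 %s\n", NR, $1; bad = 1 }
            mac = tolower($2); ok = (split(mac, h, ":") == 6)
            for (i = 1; i <= 6; i++) if (h[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
            if (!ok) { printf "line %d: bad MAC %s\n", NR, $2; bad = 1
            } else if (mac != want) { printf "line %d: MAC is not %s\n", NR, want; bad = 1 }
            if (seen[$1]++) { printf "line %d: duplicate IP %s\n", NR, $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# missing_from_fw_ctl_arp FILE ARP_OUTPUT: print each local.arp IP that the saved
# "fw ctl arp" output does not list with the same MAC (assumed layout:
# "name (IP) at aa-bb-cc-dd-ee-ff interface ...").
missing_from_fw_ctl_arp() {
    awk '
        FILENAME == ARGV[1] {                    # first file: saved fw ctl arp output
            for (i = 1; i + 2 <= NF; i++)
                if ($i ~ /^\(.+\)$/ && $(i + 1) == "at")
                    pub[substr($i, 2, length($i) - 2)] = tolower($(i + 2))
            next
        }
        { sub(/#.*/, "") }
        NF == 2 {
            mac = tolower($2); gsub(/:/, "-", mac)
            if (pub[$1] != mac) print $1         # not published, or wrong MAC
        }
    ' "$2" "$1"
}

# Constructed sample: two entries, only the first one is published.
demo() {
    d=$(mktemp -d)
    printf '203.0.113.10 AA:BB:CC:DD:EE:FF # web\n203.0.113.11 AA:BB:CC:DD:EE:FF\n' > "$d/local.arp"
    printf 'gw (203.0.113.10) at aa-bb-cc-dd-ee-ff interface 203.0.113.1\n' > "$d/arp.txt"
    lint_local_arp "$d/local.arp" AA:BB:CC:DD:EE:FF && missing_from_fw_ctl_arp "$d/local.arp" "$d/arp.txt"
    rm -rf "$d"
}
```

On the firewall node, save the output of `fw ctl arp` to a file after the policy push and pass it together with `$FWDIR/conf/local.arp` to `missing_from_fw_ctl_arp`; empty output means every entry is being answered.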
