Use local.arp entries if you’re doing manual NAT, or if the automatically NATed objects are outside the external network.

Check Global Properties -> NAT -> Merge manual proxy ARP configuration; this option should be active.

The file local.arp is located in the directory $FWDIR/conf:

# vi $FWDIR/conf/local.arp

Find the MAC-address of the external interface:

# ifconfig ethx | grep -e Link -e inet
ethx      Link encap:Ethernet  HWaddr AA:BB:CC:DD:EE:FF
          inet addr:192.168.6.3  Bcast:192.168.6.31  Mask:255.255.255.224

Set ethx to the appropriate interface, e.g. eth1.
Make an entry in the file $FWDIR/conf/local.arp:

10.58.252.18     AA:BB:CC:DD:EE:FF    192.168.6.3   # comment

  • create an object for 10.58.252.18
  • create NAT-Rules (static or in object)
  • push the policy

On the firewall node, execute the following command:

# fw ctl arp
servername_if_dns_is_set (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3

Every time you edit a local.arp entry, you have to push the policy and check the entry with the fw ctl arp command again.
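The re-check after each policy push can be scripted. The following is an added example, not part of the original post: it compares every local.arp entry with saved fw ctl arp output and flags entries the gateway is not answering for. It assumes both formats look as shown above; the function names, the /tmp path and the second sample address 10.58.252.19 are constructed for illustration.

```shell
# check_local_arp LOCAL_ARP_FILE FW_CTL_ARP_OUTPUT_FILE  (added example)
# Prints one status line per local.arp entry; returns 1 if any entry is not OK.
check_local_arp() {
    awk '
    function norm(mac) { gsub(/-/, ":", mac); return tolower(mac) }
    # fw ctl arp line: name (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3
    mode == "active" {
        for (i = 2; i < NF; i++)
            if ($i == "at") {
                ip = $(i - 1); gsub(/[()]/, "", ip)
                active[ip] = norm($(i + 1))
            }
        next
    }
    # local.arp line: <NATed IP> <MAC> [<interface IP>] [# comment]
    { sub(/#.*/, "") }
    NF == 0 { next }
    {
        mac = norm($2)
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
            mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ || split(mac, o, ":") != 6) {
            print "INVALID  line " FNR ": " $0; bad = 1
        } else if (!($1 in active)) {
            print "MISSING  " $1 " (not in fw ctl arp; policy pushed?)"; bad = 1
        } else if (active[$1] != mac) {
            print "MISMATCH " $1 " file=" mac " active=" active[$1]; bad = 1
        } else {
            print "OK       " $1 " " mac
        }
    }
    END { exit bad + 0 }
    ' mode=active "$2" mode=file "$1"
}

# Constructed sample data: the first entry matches the example above, the
# second was added to local.arp but is absent from the gateway table.
demo_check() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '10.58.252.18  AA:BB:CC:DD:EE:FF  192.168.6.3  # comment' \
                  '10.58.252.19  AA:BB:CC:DD:EE:FF  192.168.6.3' > "$d/local.arp"
    printf '%s\n' 'servername (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3' \
        > "$d/fw_ctl_arp.txt"
    rc=0; check_local_arp "$d/local.arp" "$d/fw_ctl_arp.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# On a gateway: fw ctl arp > /tmp/fw_ctl_arp.txt; check_local_arp "$FWDIR/conf/local.arp" /tmp/fw_ctl_arp.txt
demo_check || true
```

A MISSING line after a policy push usually points back to the Merge manual proxy ARP configuration setting or to a typo in the entry.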
