Use local.arp entries, if you’re doing manual NAT or the automatic NATed objects are outside the external network.

Check Global Properties -> NAT -> Merge manual proxy ARP configuration, this should be active.

The file local.arp ist located in the directory $FWDIR/conf:

# vi $FWDIR/conf/local.arp

Find the MAC-address of the external interface:

# ifconfig ethx | grep -e Link -e inet
ethx      Link encap:Ethernet  HWaddr AA:BB:CC:DD:EE:FF
          inet addr:192.168.6.3  Bcast:192.168.6.31  Mask:255.255.255.224

Set ethx to the appropriate interfage, e.g. eth1.
Make an entry in the file $FWDIR/conf/local.arp:

10.58.252.18     AA:BB:CC:DD:EE:FF    192.168.6.3   # comment
  • create an object for 10.58.252.18
  • create NAT-Rules (static or in object)
  • push the policy

On the firewall-node execute the following command:

fw ctl arp
servername_if_dns_is_set (10.58.252.18) at aa-bb-cc-dd-ee-ff interface 192.168.6.3

Every time you edit a local.arp-entry, you have to push the policy and check the entry with the fw ctl arp-command again

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Schreibe eine Antwort

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 

Erforderlich