Firewall Wizards mailing list archives

Re: Sunscreen NAT

From: "Gary Ferrer" <gary () ferrer yi org>
Date: Tue, 8 Jan 2002 09:50:16 -0800

Humm ok, but I'm still a bit confused.  My reading of the documentation
seems to indicate that I should be using Dynamic NAT (2 or 3 PCs need
Internet access through Dynamic IP gateway/firewall) since I don't need to
connect back to the PCs from the outside world.  If that's the case, do I
still need to setup static routes or arps?

Secondly, this is how I setup the Dynamic NAT rules:

Type        Source    Dest        Trans-Source        Trans-Dest
----------------------------------------------------------------------------
--
Dynamic   private        *            dnet0.net                    *


Addresses are defined as follows:

"private" GROUP { "melody" "gary" "linuxbox" } { } COMMENT ""
"dnet0.net" RANGE 24.76.40.0 24.76.43.255

melody, gary, linuxbox are 192.168.0.2 .3 and .4.
dnet0.net is my external dynamic IP interface
iprb1.net is my internal static private ip

Logically this should work but perhaps I'm not interpreting the rules
correctly?

Gary.

----- Original Message -----
From: "Mendez, David (CORP, DDEMESIS)" <David.Mendez () ddemesis ge com>
To: "Gary Ferrer" <gary () ferrer yi org>; "Firewall-Wizard"
<firewall-wizards () nfr com>
Sent: January 8, 2002 8:47 AM
Subject: RE: [fw-wiz] Sunscreen NAT

For Static NAT you have to put two rules,, and for dynamic NAT just one.
Remember you have to put arp's and static routes in OS Level, depending

what kind of NAT you are using.


Create two objects, and the rule would be:   inter_net  * inter_net_nat  *

regards,

David Mendez


-----Original Message-----
From: Gary Ferrer [mailto:gary () ferrer yi org]
Sent: Monday, January 07, 2002 5:26 PM
To: Firewall-Wizard
Subject: [fw-wiz] Sunscreen NAT


I'm wondering if someone could help me configure SunScreen 3.1 Lite NAT.
I'm having a lot of trouble with it and can't get the NAT side of it
working.

My network is as follows:
Private network (192.x.x.x) to firewall gateway with Dynamic IP.

1) Do I need two Dynamic NAT rules or just one?
2) How do I set up the rules (I've tried all sorts of combinations of
'source, Dest, Trans_source, Trans_Dest)

Thanks.

Gary Ferrer
gary () ferrer yi org



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Sunscreen NAT Gary Ferrer (Jan 08)
- <Possible follow-ups>
- RE: Sunscreen NAT Mendez, David (CORP, DDEMESIS) (Jan 09)
  - Re: Sunscreen NAT Gary Ferrer (Jan 09)
- Re: Sunscreen NAT Valerie Anne Bubb (Jan 09)
  - Re: Sunscreen NAT Gary Ferrer (Jan 09)
- Re: Sunscreen NAT Valerie Anne Bubb (Jan 09)