Firewall Wizards mailing list archives
Re: Sunscreen NAT
From: "Gary Ferrer" <gary () ferrer yi org>
Date: Tue, 8 Jan 2002 10:45:17 -0800
Hi Valerie,
Are you using DHCP? If yes, then you'll want to set up an address group that is recalculated at activation time that represents your public IP ("localhost" is defined at activation time, and can be used dynamically as follows):

edit> add address "insideLocal" HOST 192.168.1.1
edit> add address "publicIP" GROUP { localhost } { insideLocal }
edit> add address "inside" RANGE 192.168.1.2 192.168.1.10
edit> add address "Internet" GROUP { * } { inside }
edit> add NAT DYNAMIC "inside" "Internet" "publicIP" "Internet"
edit> save
edit> quit
This is interesting, I didn't know you could use 'localhost' to depict the 'external dynamic ip' of the machine! You would think that 'publicIP' should contain a range of valid dynamic IP addresses the DHCP server would spit out. I also would not have thought about including 'inside' as part of the 'internet' group. This worked wonderfully, thank you.

PS: I used to work at Sun in Vancouver until this summer. Hope things are going well!
# ssadm activate <configname>

So, your "source" is the source IP seen in the packet as it arrives at the screen, "inside". "dest" is when you want to do NAT (when talking to the Internet, "*" also would work, but then you would have trouble communicating directly to the screen). "transSrc" is what the source IP should look like as it leaves the screen ("publicIP"), and "transDst" is what the destination IP should look like when it leaves the box. It's actually valid to have a dynamic NAT rule where you are modifying the destination addresses, and not the source IPs.

If you are using DHCP, then you will need to reactivate your sunscreen configuration when you've acquired a new IP address - you can write a script to do this.

Hope that helps!

Valerie
--
valerie.bubb () sun com
bubb () bubb org
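The re-activation script mentioned in the quoted advice could look like the following. This is an added example, not part of the original thread: the interface name hme0, the configuration name, the state-file path and the function names are assumptions; only "ssadm activate <configname>" comes from the message.

```shell
#!/bin/sh
# Added example: re-activate a SunScreen configuration when the DHCP-assigned
# address on the outside interface changes, so the "localhost"-based
# "publicIP" group is recalculated. All names below are assumed placeholders.
IFACE="${IFACE:-hme0}"                        # assumed outside interface
CONFIG="${CONFIG:-Initial}"                   # assumed configuration name
STATE="${STATE:-/var/run/sunscreen-last-ip}"  # assumed state file
SSADM="${SSADM:-ssadm}"                       # overridable for dry runs

# Print the first IPv4 address from ifconfig-style text on stdin.
parse_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Re-activate only when the address is usable and differs from the last one.
# Returns 0 activated, 1 unchanged, 2 no usable address, 3 activation failed.
reactivate_if_changed() {
    new_ip="$1"
    # 0.0.0.0 means no lease yet: do not activate a rule set built on it.
    valid_ipv4 "$new_ip" && [ "$new_ip" != "0.0.0.0" ] || return 2
    old_ip=""
    [ -f "$STATE" ] && old_ip=$(cat "$STATE")
    [ "$new_ip" = "$old_ip" ] && return 1
    # Record the address only after activation succeeded, so a failed
    # activation is retried on the next run instead of being masked.
    "$SSADM" activate "$CONFIG" || return 3
    echo "$new_ip" > "$STATE"
    return 0
}

main() {
    ip=$(ifconfig "$IFACE" | parse_inet)
    reactivate_if_changed "$ip"
}

# Run periodically (for example from cron) as: script --run
if [ "${1:-}" = "--run" ]; then main; fi
```

A return code of 3 leaves the state file untouched, which is worth alerting on: the screen is then still running rules built for the previous address.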