Re: PIX Firewall, Help with nemask use in NAT and Global comands

[Luke Butcher <luke.butcher () alphawest com au>]

On Fri, 2004-05-07 at 11:30, Adel Guia Cruz wrote:
> What mask to use in the NAT command to indicate only one IP?
>  
> The mask that indicate a HOST:
> Nat (inside) 1 192.168.10.10 mask 255.255.255.255
>  
> What mask to use in the Global command ?
>  
> The mask that indicate a HOST:
> Global (outside) 1 190.190.190.195 netmask 255.255.255.255

Use the version with 255.255.255.255 is equivalent to /32 which means a
host only.
Not, you don't need the MASK keyword for the nat statement. And don't
need the netmask for the global, it will default to a host ONLY and do
PAT if mulitple hosts are inside.

They would read
nat (inside) 1 192.168.10.10 255.255.255.255
global (outside) 1 190.190.190.195

Luke Butcher
Network/Security Consultant
www.alphawest.com.au
--


Alphawest Disclaimer

If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster () alphawest com au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
Alphawest collects, uses and stores information regarding its customers 
from time to time in accordance with its privacy policy located on www.alphawest.com.au
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards