Firewall Wizards mailing list archives
Sunscreen EFS 3.1 stealth mode and NAT
From: Roy Culley <tgdcuro1 () gd2 swissptt ch>
Date: Tue, 20 May 2003 10:08:34 +0200
I have a sunscreen in stealth mode. I have been asked to do a static NAT of an internal host which has a private address.

I added the private address (private_dns) to the address group for the internal interface (so it has now the internal stealth net addresses and this private address). I added the NAT address (private_dns_nat), which is part of the stealth subnet address range, to the address group for the external interface.

I added 2 NAT rules:

    1 STATIC "private_dns" "*" "private_dns_nat" "*"
    2 STATIC "*" "private_dns_nat" "*" "private_dns"

When I snoop the incoming and outgoing interfaces I see the packet arriving on the internal interface with src address private_dns. I see a packet go out on the external interface with src address private_dns_nat. The reply packet comes in the external interface with dst address private_dns_nat. This packet does not appear on the internal interface.

The sunscreen log shows the initial packet arriving on the internal interface as passed. The return packet arriving on the external interface is also logged pass.

Does anyone know why the return packet is not being sent out on the internal interface?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards