Firewall Wizards mailing list archives

Re: Sunscreen EFS 3.1 stealth mode and NAT


From: Roy Culley <tgdcuro1 () gd2 swissptt ch>
Date: Tue, 20 May 2003 18:09:05 +0200

Thanks Ahmed for the reply.

> Have you exempted this traffic from the anti-spoofing rules? These
> sorts of problems on SunScreen are sometimes caused by anti-spoofing
> stopping traffic.

It appears to be an ARP problem. An ARP request is sent from the external
router asking for the MAC address of private_dns_nat. The SunScreen
changes this to an ARP request for the private_dns address. Nothing replies
to this. The internal router would need to use proxy ARP for the
private_dns address.

We have decided to do NAT on the internal router.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
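
The symptom described in this message can be confirmed from two ARP captures, one taken on each side of the firewall. The following is an added example, not part of the original post: it assumes `tcpdump -n arp` text output, and the addresses, the NAT mapping and the function names are constructed for illustration.

```python
import re

# Line shapes printed by `tcpdump -n arp` (text output).
REQ = re.compile(r"ARP, Request who-has (\S+) tell ([^\s,]+)")
REP = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")

def parse(capture):
    """Return (set of IPs that were ARPed for, {IP: MAC} taken from replies)."""
    asked, answered = set(), {}
    for line in capture.splitlines():
        if m := REQ.search(line):
            asked.add(m.group(1))
        elif m := REP.search(line):
            answered[m.group(1)] = m.group(2)
    return asked, answered

def diagnose(outside, inside, nat_map):
    """Classify every NAT address that the outside segment ARPs for.

    nat_map maps NAT (outside) address -> private (inside) address.
    """
    out_asked, out_answered = parse(outside)
    in_asked, in_answered = parse(inside)
    result = {}
    for nat_ip in sorted(nat_map.keys() & out_asked):
        private = nat_map[nat_ip]
        if nat_ip in out_answered:
            result[nat_ip] = "answered"
        elif private not in in_asked:
            result[nat_ip] = "request not seen inside"
        elif private in in_answered:
            result[nat_ip] = "answered inside, reply lost"
        else:
            # The case in the message: the request is rewritten to the
            # private address and nothing on the inside segment owns it.
            result[nat_ip] = "rewritten request unanswered"
    return result

# Constructed sample captures (documentation addresses, not from the post).
OUTSIDE = """\
18:01:00.100000 ARP, Request who-has 192.0.2.53 tell 192.0.2.1, length 46
18:01:01.100000 ARP, Request who-has 192.0.2.53 tell 192.0.2.1, length 46
18:01:02.000000 ARP, Request who-has 192.0.2.80 tell 192.0.2.1, length 46
18:01:02.000400 ARP, Reply 192.0.2.80 is-at 00:00:5e:00:53:80, length 46
"""
INSIDE = """\
18:01:00.100200 ARP, Request who-has 10.1.1.53 tell 192.0.2.1, length 46
18:01:01.100200 ARP, Request who-has 10.1.1.53 tell 192.0.2.1, length 46
"""
NAT_MAP = {"192.0.2.53": "10.1.1.53", "192.0.2.80": "10.1.1.80"}

if __name__ == "__main__":
    for ip, status in diagnose(OUTSIDE, INSIDE, NAT_MAP).items():
        print(f"{ip} -> {NAT_MAP[ip]}: {status}")
```

A "rewritten request unanswered" result points at the inside segment: either the private address must be directly reachable there, or a device such as the internal router has to answer for it with proxy ARP.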

