Firewall Wizards mailing list archives
Re: Sunscreen EFS 3.1 stealth mode and NAT
From: Valerie Anne Bubb <Valerie.Bubb () Sun COM>
Date: Tue, 20 May 2003 11:39:53 -0700 (PDT)
have you exempted this traffic from the anti spoofing rules ? These sort of problems on Sunscreen sometimes are caused by anti spoofing stopping traffic.It appears to be an arp problem. An arp is sent from the external router asking for the MAC for the private_dns_nat. The sunscreen changes this to an arp for the private_dns address. Nothing replies to this. The internal router would need to use proxy arp for the private_dns address. We have decided to do NAT on the internal router.
If you are using SunScreen in Stealth mode, it should take care of the proxy arps for you automagicly. Let me look over your configuration information to see if I can narrow this down. Valerie _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Sunscreen EFS 3.1 stealth mode and NAT Roy Culley (May 20)
- <Possible follow-ups>
- Re: Sunscreen EFS 3.1 stealth mode and NAT Roy Culley (May 20)
- Re: Sunscreen EFS 3.1 stealth mode and NAT Roy Culley (May 22)
- Re: Sunscreen EFS 3.1 stealth mode and NAT Valerie Anne Bubb (May 22)