Firewall Wizards mailing list archives

Re: Sunscreen EFS 3.1 stealth mode and NAT


From: Valerie Anne Bubb <Valerie.Bubb () Sun COM>
Date: Tue, 20 May 2003 11:39:53 -0700 (PDT)


Have you exempted this traffic from the anti-spoofing rules? These
sorts of problems on SunScreen are sometimes caused by anti-spoofing
stopping traffic.

It appears to be an ARP problem. An ARP is sent from the external
router asking for the MAC for the private_dns_nat. The SunScreen
changes this to an ARP for the private_dns address. Nothing replies
to this. The internal router would need to use proxy ARP for the
private_dns address.

We have decided to do NAT on the internal router.

If you are using SunScreen in Stealth mode, it should take
care of the proxy ARPs for you automagically. Let me look over your
configuration information to see if I can narrow this down.

Valerie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

