Paolo Riviello www.paoloriviello.com wrote:
Automatic Proxy ARP

When using static NAT, the cluster can be configured to automatically recognize the hosts hidden behind it, and issue ARP replies with the cluster MAC, on their behalf. This process is known as Automatic Proxy ARP. If you use different subnets for the cluster IPs, this mechanism will not work, and you must configure the proxy ARP manually. This is done by creating a file called local.arp, under the firewall's configuration directory ($FWDIR/conf). In SmartDashboard, uncheck Automatic proxy arp.

Each entry in this file is a triplet, containing the:
• host address to be published
• MAC address that needs to be associated with the IP address
• unique IP of the interface that responds to the ARP request.

The MAC address that should be used is the cluster's multicast MAC defined on the responding interface, when using multicast LS, or this interface's unique IP, for all other modes.

For example, if host 172.16.4.3 is to be hidden using the address 172.16.6.25, and the cluster uses Load Sharing Multicast mode, add the following line to the local.arp file of Member 1:

172.16.6.25 00:01:5e:10:06:64 192.168.1.1

The second parameter in this line is the multicast MAC address of cluster IP 172.16.6.100, through which ARP requests for 172.16.6.25 will be received. On Member 2, this line will be:

172.16.6.25 00:01:5e:10:06:64 192.168.1.2

If the cluster is in unicast LS mode, or in HA mode, the entries on Member 1 and 2 will be:

172.16.6.25 00:A0:C9:E8:C7:7F 192.168.1.1
- And -
172.16.6.25 00:A0:C9:E8:CB:3D 192.168.1.2

where the second entry in each line is the unique MAC address of the matching local interface.
As it is in the manual...
Thanks for the response.
I'll check if this works, because I had some trouble getting it to run properly.
On SecurePlatform, do you need to modify /etc/sysctl.conf also?
Cheers
--
Paolo Riviello
Home: http://www.paoloriviello.com
E-mail: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
Skype: pao_rivi Icq: 285354822
If men could get pregnant, abortion would be a sacrament. (H)
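
As an added example (not part of the original message or the manual), a Python check that parses the local.arp triplets of both cluster members and flags entries that contradict the rules quoted above: the same MAC on both members in multicast Load Sharing mode, a different MAC per member in the other modes. The function names are hypothetical, and the sample entries are the ones from the quoted text.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def parse_local_arp(text):
    """Return {published_ip: (mac, responding_ip)}; raise ValueError on a bad line."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:                      # skip blank lines
            continue
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 3 fields, got {len(fields)}")
        published, mac, responder = fields
        ipaddress.IPv4Address(published)    # raises ValueError if not an IPv4 address
        ipaddress.IPv4Address(responder)
        if not MAC_RE.match(mac):
            raise ValueError(f"line {n}: bad MAC address {mac!r}")
        entries[published] = (mac.lower(), responder)
    return entries

def compare_members(member1_text, member2_text, multicast):
    """List inconsistencies between the two members' local.arp contents."""
    a, b = parse_local_arp(member1_text), parse_local_arp(member2_text)
    problems = [f"{ip}: published on only one member" for ip in sorted(set(a) ^ set(b))]
    for ip in sorted(set(a) & set(b)):
        (mac1, resp1), (mac2, resp2) = a[ip], b[ip]
        if resp1 == resp2:
            problems.append(f"{ip}: both members list responding IP {resp1}")
        if multicast and mac1 != mac2:
            problems.append(f"{ip}: multicast mode needs the same cluster MAC on both members")
        if not multicast and mac1 == mac2:
            problems.append(f"{ip}: unicast/HA mode needs each member's own interface MAC")
    return problems

# Entries taken from the quoted manual text.
MULTICAST_M1 = "172.16.6.25 00:01:5e:10:06:64 192.168.1.1\n"
MULTICAST_M2 = "172.16.6.25 00:01:5e:10:06:64 192.168.1.2\n"
UNICAST_M1 = "172.16.6.25 00:A0:C9:E8:C7:7F 192.168.1.1\n"
UNICAST_M2 = "172.16.6.25 00:A0:C9:E8:CB:3D 192.168.1.2\n"

if __name__ == "__main__":
    print(compare_members(MULTICAST_M1, MULTICAST_M2, multicast=True))
    print(compare_members(UNICAST_M1, UNICAST_M2, multicast=False))
    print(compare_members(MULTICAST_M1, MULTICAST_M2, multicast=False))
```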