Nicolas Brouard wrote:
> Hi,
>
> I am new on this list and new in firewall setting.
>
> The problem we have in implementing our firewall is that everything works
> well with a static address and nothing with a dynamic address (dyn-NAT).
>
> I mean that a public IP address is correctly translated into a fixed internal
> address and vice versa. And we can access Internet from the inside.
>
> But if we mapped a range of fixed internal addresses to a public address
> (dynamic NAT) nothing can go through the firewall. More precisely we
> discovered with 'snoop' that the internal addresses 172.16.0.x are wrongly
> mapped, outside the firewall, to an IP address which is always 0.0.0.{x-1}
> and the public address already set! So it can't work.
> But how is it possible? Why x-1 and why 0.0.0.?
> The setting of the mapping seems correct. We did not apply any rule for the
> testing.
>
> We use Sunscreen EFS. Does this problem deal with the software, or is it a
> more general problem?

EFS 2.0 has some very serious problems with NAT (actually the overall
product is very shabby, its proxies are very poor); they may have fixed things
with 3.0.
I fixed the problems with NAT by changing the order I listed the rules, namely
list all static rules before dynamic rules.
It's a known bug. If you've got a day to kill, do a search on SunSolve for EFS
bugs.... :-)
T.