Maarten, thanks for your reply.
I thought of your option 1 right after posting this message. However, for
now I do not want to mess about with a switch/hub between my router and
firewall to get this device connected.
Your option 3 is closest to my initial idea; however, I have no idea how to
set this up. How do I configure the interface (as PSN or Protected, what IP
address)?
And how do I set up bridging? How do I define the Pass Through Filters?
We're on 3.7.1
Any help would be greatly appreciated.
Best Regards,
Benno

At 13:37 17-3-2006 +0100, Maarten Vink wrote:
Hi Benno,
There are a number of solutions for this problem:
1) If you don't want to filter any traffic, you can simply place the
machine outside your firewall.
2) Get your ISP to assign a second IP range and get them to route this not
to your ISP's router but to the GNAT Box. You can then assign one of the
addresses to a new interface on your firewall and add this new IP range as
IP Pass Through Hosts/Networks. After doing this you can use the rest of
the IP addresses in this range, specifying the GNAT Box as default gateway.
3) If you are unable to get an extra IP range, set up a bridge between
your free network interface and the external interface. You can now
configure machines on this interface as if it were on the outside of the
firewall (i.e. use your ISP's router as default gateway).
If you choose options 2 or 3, you can configure your firewall policies in
the "IP Pass Through Filters" section.
Regards,
Maarten Vink
Interstroom IT BV
Distributor Benelux
http://www.gnatbox.nl/

Scheldebouw wrote:
Hello,
I have some issues with getting pass through to work in a specific situation:
We have been given a /29 range (6 usable addresses) by our ISP (let's say
123.123.123.32/29). The router is on .33, the Gnatbox is .35. Our
internal network uses NAT and DHCP in the 192.168.1.x/24 range. I've
already set up some aliases, tunnels and filters from some of the external
interface addresses to servers in our network using NAT and that is all
working fine.
I want to give one device (a dedicated video conference unit) an external
address (123.123.123.38) via pass through directly connected to a
separate, dedicated interface on the Gnatbox. I do not want to connect
this device to the protected network. I have a free port on the Gnatbox
for this. The device must have all TCP and UDP open, both inbound and
outbound as the H.323 protocol uses dynamic ports >1024 and I can't get
it to work with NAT anyway, even with the appropriate filters and tunnels.
I'm not sure on how to set this up or if it's possible at all. Any help
would be greatly appreciated.
best regards,
Benno
------------------------------------------------------
Archive: http://archives.gnatbox.com/gb-users/