rajbal,
my first inclination upon seeing SNMP and NAT in the same sentence is to say "uh, this is going to be a tough job..."
the issue with NAT'ing SNMP is that SNMP carries address information in the payload. therefore you really need to "proxy" the SNMP protocol, and rewrite the payload as needed. alas, currently ipfilter does not inherently provide any SNMP-proxy capability. you may want to look at RFC 2962 http://rfc.net/rfc2962.html and also do a google search on "snmp-alg"
can anyone lend some additional SNMP assistance to rajbal?
the SNMP problem aside, the very best way to diagnose the types of issues you are seeing with your configuration is to get familiar with the snoop and/or tcpdump utilities. failing your own inspection, posting the output of these types of tools to the list is a sure way to get to a quick solution to your problem. btw, leave your ipf.conf nulled until you get your NAT going.
also, you may want to read phil's FAQ, located here: http://home.earthlink.net/~jaymzh666/ipf/index.html
jim
-------- Original Message --------
Subject: IpFilter Request
Date: Thu, 20 Mar 2003 14:26:41 -0500
From: Rajbal Balan <[EMAIL PROTECTED]>
Organization: MCI WorldCom (SubNet Manager)
To: Rajbal Balan <[EMAIL PROTECTED]>

Hi,
I apologize for sending you this mail directly. My posting on the IpFilter mailing list does not seem to be going through and since you were one of the 'experts' on the list, I was wondering if you could provide me with some insight into this problem. My original posting is attached below. Thanks in advance for any help you can provide ...
> Hi,
>
> I am sort-of new to this, so I apologize if anything mentioned
> below does not make sense. I have looked thru the FAQ and the
> mailing list archives and not found anything on the issue below.
>
> We are using IPNAT to show our network devices the same IP address
> for certain SNMP(UDP) requests. We have processes running on 2
> servers (A & B) and plan to install IPNAT on Server-B and route
> all IP packets from Server-A headed for those specific networks
> via Server B. This is how the ipnat.conf file looks:
>
> map hme0 A.A.A.A/32 -> B.B.B.B/32 portmap udp auto
>
> The ipf.conf file is empty.
>
> With this setup, one of the processes running on Server-A, which
> uses TFTP to download a configuration file from the device (approx.
> 10K bytes) cannot do its function anymore. IPMON (on Server-B)
> shows a connection coming in from Server-A, but nothing happens
> beyond that. I am able to TFTP the file from Server-B or other
> machines on the network, so the device seems to be functioning all right.
>
> Have I missed something in my setup? Do I need to add something
> in ipf.conf? Would appreciate any help ...
>
> Thanks in advance,
>
> - Raj.
--
Rajbal Balan            Vnet  : 965-6711
Software Engineer       EMail : [EMAIL PROTECTED]
SNM Team
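
Added example, not part of the original messages: the reply's point that SNMP carries address information in the payload, shown for one concrete case, the agent-addr field of an SNMPv1 Trap-PDU, which a plain IP-header NAT leaves untouched. The sample datagram and both addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: SNMPv1 coldStart trap, community "public", whose
# payload names the agent as 10.0.0.5 (all values here are made up).
SAMPLE_TRAP = bytes.fromhex(
    "3026" "020100" "04067075626c6963"        # SEQUENCE, version 0, community
    "a419" "06062b0601040101" "40040a000005"  # Trap-PDU, enterprise, agent-addr
    "020100" "020100" "430100" "3000")        # generic, specific, time, varbinds

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def trap_agent_addr(datagram):
    """Return agent-addr of an SNMPv1 Trap-PDU, or None for any other PDU."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)       # INTEGER version (0 = SNMPv1)
    _, _community, pos = read_tlv(msg, pos)  # OCTET STRING community
    tag, pdu, _ = read_tlv(msg, pos)
    if version != b"\x00" or tag != 0xA4:    # 0xA4 = [4] Trap-PDU
        return None
    _, _enterprise, pos = read_tlv(pdu, 0)   # OBJECT IDENTIFIER enterprise
    tag, addr, _ = read_tlv(pdu, pos)        # [APPLICATION 0] IpAddress
    if tag != 0x40 or len(addr) != 4:
        raise ValueError("malformed agent-addr")
    return ipaddress.IPv4Address(addr)

def nat_mismatch(ip_src, datagram):
    """True when the payload names a different address than the IP header."""
    agent = trap_agent_addr(datagram)
    return agent is not None and agent != ipaddress.IPv4Address(ip_src)

if __name__ == "__main__":
    # 192.0.2.10 stands in for the post-NAT source address seen by the receiver.
    print(trap_agent_addr(SAMPLE_TRAP), nat_mismatch("192.0.2.10", SAMPLE_TRAP))
```

Run against the UDP payloads from a snoop or tcpdump capture taken on the far side of the NAT box, a mismatch here marks datagrams whose payload would need rewriting by an SNMP-aware proxy.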
