Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-08 Thread Will Zegeer
You would use the cluster or vrrp mac address for the arp entry. -Will -Original Message- From: Alb [mailto:[EMAIL PROTECTED] Sent: Thursday, October 07, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-07 Thread Gary Scott
Automatic arp is only for automatic nat rules. This does not work for manual nat rules. -Original Message- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Phil Wang Sent: Wednesday, October 06, 2004 7:42 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1]

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-07 Thread Demetrio Leon Guerrero (DLG)
Phil, Are you trying to NAT 10.10.1.1 to both 202.x.x.11 and 202.x.x.21? If so, it seems like NG-AI is only responding (ARP) to the first rule it finds, the one that has the 1-1 NAT configured in the Network Object. You can easily verify this behavior by configuring the DMZ-Server Network

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-07 Thread Alb
Hi, If you have no alternative but to use manual nat, how can you achieve it in a HA environment? In Solaris boxes, you can make manual arp virtual ip firewall-interface mac pub, with the mac of the active node. But when there is a failover, the mac remains unchanged instead of being published the

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-07 Thread William Iselin
You're right. Very sorry about that. I had erroneously thought CP added that functionality in AI. -Original Message- From: Gary Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, October 07, 2004 7:17 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Proxy ARP not working with manual NAT with

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-07 Thread Steve Johnson
Configure the Linux kernel to enable proxy arp. echo 1 > /proc/sys/net/ipv4/conf/if_name/proxy_arp if_name is the name of the external interface that will perform the proxy arping. -Original Message- From: Mailing list for discussion of Firewall-1 on behalf of Gary Scott Sent: Thu

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-06 Thread Steve Loughran
I ran into this exact same problem yesterday. I had added ARP entries, and routes from external ARPd IPs to the DMZ IPs, but still no go. The problem is that Linux will not proxy ARP unless you enable it. I had to add the following line to my /etc/rc.d/rc.local script echo 1

[FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-06 Thread Phil Wang
Hi All, I have installed a NG AI R55 on a SPLAT. I noticed that the f/w doesn't respond to manual NAT ruled IP address. I have settings as follows: f/w interfaces: Ext: 202.x.x.1/27 Int: 192.168.1.1/24 DMZ: 10.10.1.1/24 Mail Server: 192.168.1.9 DMZ Server: 10.10.1.11 The requirements are 1.

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-06 Thread William Iselin
You don't need to add manual arp entries. Go into Global Properties - NAT and make sure the defaults are selected, which is all of them (but the 'automatic arp configuration' is what's important here). It will create arps for both automatic nat and manual nat. HTH, Bill -Original

Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

2004-10-06 Thread Phil Wang
I have done both from the very beginning of destination client side and automatic arp configuration, but it does not seem to be working. Cheers, Phil -Original Message- From: William Iselin [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 October 2004 11:36 PM To: [EMAIL PROTECTED] Subject: Re: