When I tried to NAT just the DMZ, I got the following error:
Cannot enable NAT on DMZ without enabling NAT on LAN
That seems kind of silly to me. It looks like that's what I'll have
to do (with one-to-one NAT), though.
I appreciate all of your help Curtis!
-Ian
-----Original Message-----
From: Dude, Curtis [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 6:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
So you are saying you went NAT accross the board. Both on the LAN and DMZ?
Did you then do "One-to-One NAT" for access to your LAN, where needed, from
the internet? That's how I have it setup right now and it works great. I
thought you just wanted to NAT the DMZ, which seems like it is possible when
I look at it. You origionally ran straight public addresses on your LAN
right? I would have thought you could have simply added the NAT to your DMZ
and that's it.
-Curtis
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Ian McBride
Sent: Thursday, May 30, 2002 8:55 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
What a frustrating evening...
I kind of got this running. I enabled NAT, and was able to get
access to the Internet from the private network on my DMZ (and the network
off the LAN port). However, after that, nothing would get past the firewall
to my LAN. Everything was showing up as being blocked by 'Rule 0'. I even
tried removing all of the rules and explicity allowing all connection to one
box and the connection still got blocked.
Anyone have ideas? My /perferred/ solution would be to be NATting
the DMZ and not the LAN, but that doesn't appear to be possible. (grrr).
Thanks.
-Ian
-----Original Message-----
From: Dude, Curtis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
It will have access outgoing no problem. It think people are just concerned
about using those as Internet servers (incoming), which I think can still be
done through On-to-One NAT.
Just remember to export all you working settings first, so if all else fails
you can fall back onto those old settings.
-Curtis
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Ian McBride
Sent: Thursday, May 30, 2002 2:29 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
Actually the machines in the DMZ will need to have internet access.
Hrm. I'll have to play with this in a few hours.
Thanks for everyone's input.
-----Original Message-----
From: Dude, Curtis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
I think that is Okay in this case. I suppose though that you could do a
one-to-one nat if you needed to connect.
-Curtis
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Jeff Vogt
Sent: Thursday, May 30, 2002 1:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [SonicWALL]- Can I do this part 2. Public on LAN, private
on DMZ with NAT
you can setup a separate network in the dmz, but if it use private ip
addresses it will not be internet accessible as it cannot communicate with
the gateway interface
-----Original Message-----
From: Ian McBride [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 10:03 AM
To: '[EMAIL PROTECTED]'
Subject: [SonicWALL]- Can I do this part 2. Public on LAN, private on
DMZ with NAT
Morning,
I'm hoping someone can give me an answer to this...Curtis' problem
was very much like mine. I've got a SonicWall Pro (running
6.3.1.0)...currently I have a 32 IP subnet (public) on the LAN interface (no
NAT) and the DMZ interface is unused. What I'd like to do is hook up a small
private, NATted network on the DMZ interface. Is this possible without
reconfiguring the rest of my network?
Thanks in advance (and mucho thanks for this list!).
-Ian
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
============================================================================
=======================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
===================================================================================================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the
following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
