topic How to nat in General Topics

How to nat

1815375d-cbf2-4 — Fri, 23 Nov 2018 09:18:24 GMT

Please bear with me. I have one ip in a dmz zone : 1.1.1.1 and another ip in the same dmz zone subnet : 1.1.1.2.

Both are public ip`s.

Ip 1.1.1.2 is actualy nat ip of a lan host 3.3.3.3

1.1.1.1 is unable to reach 1.1.1.2.

Operating system R77.30

Can you please help with a example configuration?

Re: How to nat

Gaurav_Pandya — Fri, 23 Nov 2018 16:55:10 GMT

Hi,

Please explain more about DMZ Zone subnet.

If you have defined DMZ zone subnet 1.1.1.0/24 then communication between 1.1.1.1 & 1.1.1.2 will not come to firewall. It should communicate directly.

You can use Manual NAT rules for granular configuration.

Re: How to nat

PhoneBoy — Fri, 23 Nov 2018 18:05:43 GMT

A network diagram with all the relevant hosts included would help,

Re: How to nat

Maarten_Sjouw — Sat, 24 Nov 2018 22:10:44 GMT

This has nothing to do with NATting, this is plain old fashioned routing that is bugging you.

When you try to access 1.1.1.2 from 1.1.1.1 it will just do an ARP to the network the host is in. Now when you use the network 1.1.1.x on a DMZ this means you have a route for it from the internet and you have no need for Proxy ARP and you can use manual NAT.

However in this case you will need to tell the FW that it needs to act as if it has IP 1.1.1.2 on it's DMZ interface, this is done by the aid of Proxy ARP in clish:

add arp proxy 1pv4-address 1.1.1.2 interface <DMZ>

At the spot of <DMZ> you fill the actual interface for network 1.1.1.x

Re: How to nat

1815375d-cbf2-4 — Mon, 26 Nov 2018 13:33:13 GMT

Thank you for replying and for you answer. It has sense.

I have logged onto the firewall engine and i have put:

add arp proxy ipv4-address 1.1.1.2 interface ethX.

Waiting for the customer feedback to see if it is working now.

Thank you all for the support.