1815375d-cbf2-4
Explorer

How to nat

Please bear with me. I have one IP in a DMZ zone: 1.1.1.1, and another IP in the same DMZ zone subnet: 1.1.1.2.

Both are public IPs.

IP 1.1.1.2 is actually the NAT IP of a LAN host, 3.3.3.3.

1.1.1.1 is unable to reach 1.1.1.2.

Operating system: R77.30

Can you please help with an example configuration?

0 Kudos
4 Replies
Gaurav_Pandya
Advisor

Hi,

Please explain more about the DMZ zone subnet.

If you have defined the DMZ zone subnet as 1.1.1.0/24, then communication between 1.1.1.1 & 1.1.1.2 will not come to the firewall. It should communicate directly.

You can use Manual NAT rules for granular configuration.

0 Kudos
PhoneBoy
Admin

A network diagram with all the relevant hosts included would help.

0 Kudos
Maarten_Sjouw
Champion

This has nothing to do with NATting; this is plain old-fashioned routing that is bugging you.

When you try to access 1.1.1.2 from 1.1.1.1 it will just do an ARP to the network the host is in. Now when you use the network 1.1.1.x on a DMZ this means you have a route for it from the internet and you have no need for Proxy ARP and you can use manual NAT.

However, in this case you will need to tell the FW that it needs to act as if it has IP 1.1.1.2 on its DMZ interface. This is done with the aid of Proxy ARP in clish:

  add arp proxy ipv4-address 1.1.1.2 interface <DMZ>

In place of <DMZ>, fill in the actual interface for network 1.1.1.x.

Regards, Maarten
1815375d-cbf2-4
Explorer

Thank you for replying and for your answer. It makes sense.

I have logged onto the firewall engine and I have put:

add arp proxy ipv4-address 1.1.1.2 interface ethX.

Waiting for the customer feedback to see if it is working now.

Thank you all for the support.

0 Kudos
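
A way to check the proxy ARP fix from the DMZ host 1.1.1.1, as an added example that is not part of the original thread: it works out which address the host will ARP for, then reads `ip neigh show` output to see who answered for 1.1.1.2. It assumes a Linux DMZ host and a /24 mask; the gateway 1.1.1.254, the firewall MAC and both neighbor-table samples are constructed values.

```python
import ipaddress

FW_DMZ_MAC = "00:1c:7f:00:00:01"  # constructed: MAC of the firewall's DMZ interface

# Constructed `ip neigh show` output on 1.1.1.1, before and after the proxy ARP entry.
BEFORE = "1.1.1.2 dev eth0  FAILED\n1.1.1.254 dev eth0 lladdr 00:1c:7f:00:00:01 REACHABLE\n"
AFTER = "1.1.1.2 dev eth0 lladdr 00:1c:7f:00:00:01 REACHABLE\n"


def arp_target(dst, local_net, gateway):
    """IP the host ARPs for: the destination itself when on-link, else the gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_network(local_net)
    return dst if on_link else gateway


def neighbor_entry(ip_neigh_output, ip):
    """Return (mac, state) for ip from `ip neigh show` text, or (None, None)."""
    for line in ip_neigh_output.splitlines():
        fields = line.split()
        if not fields or fields[0] != ip:
            continue
        # FAILED / INCOMPLETE entries carry no lladdr field.
        mac = fields[fields.index("lladdr") + 1] if "lladdr" in fields else None
        return mac, fields[-1]
    return None, None


def proxy_arp_verdict(ip_neigh_output, nat_ip, fw_mac):
    """Classify who answers ARP for the NAT address on the DMZ segment."""
    mac, state = neighbor_entry(ip_neigh_output, nat_ip)
    if state is None:
        return "no-entry"          # host has not tried to reach nat_ip yet
    if mac is None:
        return "unresolved"        # nobody answers ARP: the symptom in the question
    if mac.lower() == fw_mac.lower():
        return "firewall-answers"  # proxy ARP is in effect
    return "unexpected-mac"        # some other device claims the NAT address


if __name__ == "__main__":
    # 1.1.1.2 is on-link for 1.1.1.1, so it is ARPed for directly, not sent to the gateway.
    print("ARP target:", arp_target("1.1.1.2", "1.1.1.0/24", "1.1.1.254"))
    print("before:", proxy_arp_verdict(BEFORE, "1.1.1.2", FW_DMZ_MAC))
    print("after: ", proxy_arp_verdict(AFTER, "1.1.1.2", FW_DMZ_MAC))
```

An "unexpected-mac" result means a device other than the firewall is replying for the NAT address, which is worth tracing before trusting traffic to it.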
