Network Address Translation
Caution - When using NAT, be sure that, when you are defining a static mapping, the ranges and groups used in the Source and Translated Source fields are exactly the same size.
Also, be sure that the ranges and groups used in the Destination and Translated Destination fields are exactly the same size.
To Add ARP Manually
Type the following if the networks that attach to the Screen on the inside have internal addresses, including any network on which there are addresses to which you want to allow external access:
# arp -s IP_Address ether_address pub |
Note -
You must either add this entry each time that you reboot the Screen or you can write your own script to automate this function. If you are remotely administering the Screen, you either must go to the Screen to add this entry or have a rule in your policy that will allow you to rlogin to the Screen.
To Define NAT Mappings
-
Type the following command to create a static NAT entry that maps an internal address to an external address.
-
For local administration:
edit> add nat STATIC src dest translated_src translated_dest
In most cases when defining a static mapping, the internal address and external address are each a single address, but can be a range or a list.
-
-
Repeat for every mapping that you want.
Use the same command to map for dynamic NAT. Use DYNAMIC instead of STATIC as the type of NAT entry desired.
You may also use a range of addresses or a group of addresses.
To have the changes take effect, you must activate the policy whose rules you edited
To Delete NAT Mappings
Type the following command to delete a NAT entry that maps internal address to an external address, regardless of whether mapping is static or dynamic:
edit> del nat 1 |
To have the changes take effect, you must activate the policy whose rules you edited.
To List the NAT Mappings
- © 2010, Oracle Corporation and/or its affiliates