SunScreen 3.2 Administrator's Overview

Choosing NAT Addresses

In all NAT situations, one of the addresses in a NAT translation is virtual. It does not really exist and must be simulated by the Screen and other systems in the network.

Because virtual addresses do not physically exist, how these addresses are selected and which system simulates them is restricted. Simulating a virtual address means answering ARP requests for it and routing traffic to it.

In routing mode, the Screen must respond to ARP requests for the public addresses (R2 through R8) because it will be translating public addresses to private addresses. Add an ARP entry for each of them (using the Solaris command arp -s IP_address ether_address pub). Either add these entries each time that you reboot the Screen or add them to a startup script that runs at boot time. If you are administering the Screen in routing mode remotely, either go to the Screen to add the entries, or have a rule in your policy that allows logging in (rlogin) to the Screen remotely.
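The following startup-script fragment is an added example, not part of the SunScreen documentation: it publishes an ARP entry for each public NAT address using the arp -s ... pub command described above, and rejects malformed addresses before they reach arp. The addresses and the Ethernet address are constructed placeholders; the real values come from your NAT rules and the Screen's interface.

```shell
#!/bin/sh
# Boot-time script that publishes ARP entries for the public NAT addresses
# (R2 through R8 in the text) so the Screen answers ARP requests for them.
# Set ARP_DRY_RUN=1 to print the commands instead of executing arp(1M).

# Ethernet address of the Screen interface facing the public network
# (constructed placeholder; take the real one from ifconfig -a on the Screen).
SCREEN_ETHER="${SCREEN_ETHER:-8:0:20:aa:bb:cc}"

# One public NAT address per line (constructed placeholders).
NAT_PUBLIC_ADDRS="192.0.2.2
192.0.2.3
192.0.2.4"

# Build the arp(1M) command for one address. The "pub" flag makes the
# Screen answer ARP requests for an address no local interface holds.
arp_publish_cmd() {
    printf 'arp -s %s %s pub\n' "$1" "$SCREEN_ETHER"
}

# Sanity check: four dotted decimal fields. A typo in the list must not
# silently become a published entry for some unrelated address.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Publish every listed address; echo each command so the boot log shows
# exactly what was added, and run it unless ARP_DRY_RUN=1.
publish_nat_addrs() {
    for addr in $NAT_PUBLIC_ADDRS; do
        if ! valid_ipv4 "$addr"; then
            echo "skipping invalid NAT address: $addr" >&2
            continue
        fi
        cmd=$(arp_publish_cmd "$addr")
        echo "$cmd"
        [ "${ARP_DRY_RUN:-0}" = "1" ] || eval "$cmd"
    done
}

publish_nat_addrs
```

After the script runs, arp -a on the Screen should list each public address with the P (published) flag; an address missing from that list will not be reachable through NAT.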

In stealth mode, the Screen automatically responds to the ARP requests from a public address so the ARP entry is not necessary.