Hi,

The situation:
- installation type: distributed
- management server: Dell 650, Windows 2003 R55 HFA03
- enforcement point: Dell 2650, SPLAT R55 HFA03

I want to create a manual NAT hide rule and I don't have control of the upstream router (so I can't add static routes on the router).

External interface eth0 of enforcement point: 192.168.2.1/24
Internal interface eth1 of enforcement point: 192.168.1.245/24

I want to create a manual NAT hide rule for the subnet behind eth1. I create a host object 192.168.2.100, a manual hide rule (also of course the rule permitting traffic from 192.168.1.0/24 to any destination/any service), disable automatic ARP in global properties (I also checked when this option is enabled) and install the policy.

    192.168.1.0    192.168.1.0    any    original            original    original
    192.168.1.0    any            any    192.168.2.100(h)    original    original

I also follow the KB article and add to "/etc/sysctl.conf":

    net.ipv4.conf.all.proxy_arp = 1
    net.ipv4.conf.default.proxy_arp = 1

+

    arp -s 192.168.2.100 <FireWall_external_MAC_addr - eth0> pub

and reboot the gw.

The problem is that the above configuration doesn't work. On the upstream router the "show arp" command shows:

    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  192.168.2.100          0    Incomplete      ARPA

The enforcement point doesn't want to proxy ARP for 192.168.2.100 with its own MAC of eth0.

Any clues? Can anybody help me?

Kind regards,
Maciek
