Thread: Use NAT to translate an external IP to an internal one?
View Single Post
  #1 (permalink)  
Old 2006-12-19
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 909
Rep Power: 3
RayPesek has an average reputation (10+)
Default Use NAT to translate an external IP to an internal one?
I can't figure this one out. We have a lot of devices that are going to outside NTP servers but we want them to use internal ones.

For example, I would like to redirect all ntp-udp requests going to time.windows.com (207.46.130.100) to a specific internal IP address.

I set up the NAT rule as it should be, or rather, as I *think* it should be, but all that happens is a tracert to 207.46.130.100 dies after the internal interface. There's nothing in the rule base except an accept to the original IP address.

We've got a lot of devices, like label printers, that have some firmware causing them to go to time servers all over the place but it's not exposed in the administrative interface. The rule should look something like:

Source: LAN-group-excluding-master-NTP-server
Service: ntp-udp
Destination: original

Source: original
Service: ntp-udp
Destination: internal-time-server

internal-time-server is reachable via ntp-udp from the firewall itself.

Any guesses would be appreciated.

Thanks,

Ray
Reply With Quote