2006-12-28
crucial
Re: Multiple Networks / Manual NAT

Thanks for the reply. I'll try to add some more useful information. Currently my anti-spoofing configuration looks like this:

Eth9 Outside Interface > Points to Internet

Eth8 Inside Interface > Defined as everything in 128.100.100.0/24 network and everything in the 10.0.0.0/8 network.

Allow bi-directional NAT is checked under Automatic NAT rules.

Translate Destination on Client Side is checked under both Automatic and Manual NAT rules.

A common appearance in the log file is below:
Code:
if      action      src          dst          service      
eth9  ACCEPT    68.x.x.x    128.100.100.5      21/ftp
eth8  DROP      68.x.x.x    128.100.100.5      21/ftp
eth9  ACCEPT    68.x.x.x    128.100.100.10     25/ftp
eth8  DROP      68.x.x.x    128.100.100.10     25/ftp

I had no address_spoofing messages before adding the manual NAT rules. Surprisingly, traffic is not affected even though Eth8 shows "drop" in the log.

I hope this helps. I'm glad to provide any other information that would be helpful.

Thanks again
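
To find this pattern in a larger log export, the following added example (not part of the original post) lists flows that are accepted on one interface and dropped on another. The function names and the whitespace-separated five-column layout are assumptions based on the excerpt in the post.

```python
from collections import defaultdict

# Log excerpt copied from the post above (source address masked by the poster).
SAMPLE_LOG = """\
if      action      src          dst          service
eth9  ACCEPT    68.x.x.x    128.100.100.5      21/ftp
eth8  DROP      68.x.x.x    128.100.100.5      21/ftp
eth9  ACCEPT    68.x.x.x    128.100.100.10     25/ftp
eth8  DROP      68.x.x.x    128.100.100.10     25/ftp
"""

FIELDS = ("iface", "action", "src", "dst", "service")  # assumed column order


def parse_log(text):
    """Yield one dict per entry; skip the header row and malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(FIELDS) or fields[0] == "if":
            continue
        yield dict(zip(FIELDS, fields))


def split_verdicts(entries):
    """Return flows accepted on one interface and dropped on a different one.

    A flow is keyed by (src, dst, service). Flows that were only accepted,
    or only dropped, are not reported.
    """
    seen = defaultdict(lambda: {"ACCEPT": [], "DROP": []})
    for e in entries:
        action = e["action"].upper()
        if action not in ("ACCEPT", "DROP"):
            continue
        ifaces = seen[(e["src"], e["dst"], e["service"])][action]
        if e["iface"] not in ifaces:
            ifaces.append(e["iface"])
    result = {}
    for flow, v in seen.items():
        # Report only when a drop happened on an interface that did not accept.
        if v["ACCEPT"] and set(v["DROP"]) - set(v["ACCEPT"]):
            result[flow] = {"accepted_on": v["ACCEPT"], "dropped_on": v["DROP"]}
    return result


if __name__ == "__main__":
    for (src, dst, svc), v in split_verdicts(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst} {svc}: accepted on {v['accepted_on']}, "
              f"dropped on {v['dropped_on']}")
```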