Allied Telesis Patch 86261-04 User Manual, Page 16

16 Patch Release Note
Patch 86261-09 for Software Release 2.6.1
C613-10388-00 REV J
The timeout interval for IGMP group membership now conforms to RFC
2236 for IGMPv2.
Firewall NAT ARP response enhancement
Introduction

WAN connections, such as those used for connecting to the Internet,
sometimes utilise Ethernet interfaces. When connected in this way, a router
that is also acting as a NAT device must be able to respond to ARP requests
for any of its global IP addresses. Failure to do this will prevent any
upstream devices such as ISP servers from forwarding packets to these
(global) addresses, even though the router may in other respects be
correctly configured.

What does the enhancement do?

This enhancement enables the NAT router to respond to any of its
configured global IP addresses, not just those addresses configured to its IP
interfaces or reachable by enabling proxy ARP.

Example

If a NAT router, acting as a firewall, is translating the source address of an
outgoing packet to an address other than that of its own IP interface, the
firewall router needs to respond to ARP requests for this source address in
order to receive and translate returning packets.

Using commands for this enhancement

This feature is always enabled when NAT rules and interface-based NATs
are created, so no configuration is required. However, it is now possible to
enable and disable ARP debugging on a firewall policy. Also, a new
command, SHOW FIREWALL ARP, displays the addresses for which the
firewall may respond to ARP requests.
To enable the display of debugging information relating to ARP requests
that are processed by the firewall, use the command:
ENABLE FIREWALL POLICY=policy-name DEBUG=ARP
To disable the display of debugging information relating to ARP requests
that are processed by the firewall, use the command:
DISABLE FIREWALL POLICY=policy-name DEBUG=ARP
To display the addresses for which the firewall may respond to ARP
requests, use the command:
SHOW FIREWALL ARP [POLICY=policy-name]
Example output for the SHOW FIREWALL ARP command is shown in
Figure 1.

PCR: 40023 Module: IPG Level: 2
PCR: 40025 Module: Firewall

Figure 1: Example output from the SHOW FIREWALL ARP command

IP               ARP Interfaces   NAT Type    Int      Gbl Int   Rule
(range)          Policy
--------------------------------------------------------------------------------
172.20.8.50      Public           Int based   eth0-0   eth1-0    -
                 Office
172.20.8.57      All Public       Rule        eth0-1   -         1
-172.20.8.62     LAN
--------------------------------------------------------------------------------
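
An added example, not part of the release note: a Python sketch that parses SHOW FIREWALL ARP output laid out as in Figure 1 and lists every address the firewall may answer ARP for that falls outside an approved global allocation. The column spacing, the sample text and the approved prefixes are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample laid out like Figure 1; the column spacing is an assumption.
SAMPLE = """\
IP               ARP Interfaces   NAT Type    Int      Gbl Int   Rule
(range)          Policy
----------------------------------------------------------------------
172.20.8.50      Public           Int based   eth0-0   eth1-0    -
                 Office
172.20.8.57      All Public       Rule        eth0-1   -         1
-172.20.8.62     LAN
----------------------------------------------------------------------
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_firewall_arp(text):
    """Return (first_ip, last_ip, policy) for each entry in the listing."""
    entries = []
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        head = fields[0]
        if IPV4.match(head):
            ip = ipaddress.ip_address(head)
            entries.append([ip, ip, None])      # policy arrives on the next line
        elif entries and entries[-1][2] is None and head and not head.startswith("--"):
            if head.startswith("-"):            # "-a.b.c.d" closes an address range
                entries[-1][1] = ipaddress.ip_address(head[1:])
                fields = fields[1:]
            entries[-1][2] = fields[0] if fields else ""
    return [tuple(e) for e in entries]

def unexpected_arp_addresses(entries, approved):
    """List (address, policy) the firewall may answer ARP for outside `approved`."""
    nets = [ipaddress.ip_network(n) for n in approved]
    flagged = []
    for first, last, policy in entries:
        for n in range(int(first), int(last) + 1):
            addr = ipaddress.ip_address(n)
            if not any(addr in net for net in nets):
                flagged.append((str(addr), policy))
    return flagged

if __name__ == "__main__":
    # Hypothetical allocation from the upstream provider, for illustration only.
    approved = ["172.20.8.50/32", "172.20.8.56/30"]
    for addr, policy in unexpected_arp_addresses(parse_firewall_arp(SAMPLE), approved):
        print(f"{addr} (policy {policy}) is not in the approved global range")
```

Because the router answers ARP for every configured global address, a NAT rule range that is wider than the allocation shows up here as flagged addresses.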