[fw-wiz] PIX Firewall, Help with nemask use in NAT and Global comands

From: Adel Guia Cruz (aguia_at_fifomi.gob.mx)
Date: 05/07/04

  • Next message: Crispin Cowan: "Re: [fw-wiz] Worms, Air Gaps and Responsibility" 
    To: firewall-wizards@honor.icsalabs.com
Date: Thu, 6 May 2004 20:30:58 -0500

    I´m new in PIX firewall and I have a question about how to use netmask in
    Nat and Global commands.
     
    PIX506E
     
    inside interface 192.168.10.1 MASK 255.255.255.0
    outside interface 190.190.190.192 MASK 255.255.255.224
     
    I want to translate only one IP address from inside, for example
    192.168.10.10, to one IP address from outside 190.190.190.195, so static
    NAT from inside to outside will be perform. I no want to use the static
    command because the translation is from inside to outside.
     
    Inside -----------------NAT------------------> Outside
    Host 192.168.10.10------NAT--------------> 190.190.190.195
     
    What mask to use in the NAT command to indicate only one IP?
     
    The mask that indicate a HOST:
    Nat (inside) 1 192.168.10.10 mask 255.255.255.255
     
    Or the same mask as the inside interface
    Nat (inside) 1 192.168.10.10 mask 255.255.255.0
     
    What mask to use in the Global command ?
     
    The mask that indicate a HOST:
    Global (outside) 1 190.190.190.195 netmask 255.255.255.255
     
    Or the same mask as the outside interface
    Global (outside) 1 190.190.190.195 nemask 255.255.255.224
     
     
    Thanks for the HELP
     
     
     
     
     
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Crispin Cowan: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"

    Relevant Pages

    • Re: [RFC] kernel facilities for cache prefetching
      ... params 'file filename' and 'mask pagemask'. ... The intention of that example was to show that filesystem dir/inode ... can also be retrieved through this interface. ... should do is to present elevators with most readahead requests before ...
      (Linux-Kernel)
    • named error in /var/log/messages
      ... 'address mask not contiguous' ie contiguous one bits from the left. ... > configure more than one interface with DHCP so I had to use the above ... net as indicated by the fxp0 netmask, ... I'm not clear how this works through your switch, ...
      (freebsd-questions)
    • Re: VMS to InfoPrint 40 printer via LPD and DCPS
      ... >queue, ... >Our new network has a network mask of 255.255.254.0 ... >1) Do I use the new mask and what is the broadcast mask? ... So look with SHOW INTERFACE and eventually SET INTERFACE ...
      (comp.os.vms)
    • Re: REPOST:Hiding base class property from derived class instance
      ... It sounds like you want to use an interface instead of inheritance. ... If you have public properties in a base class, you won't be able to mask ... An interface of common properties will be easier for you to control. ... Essentially, you can't rename properties in child classes, because then ...
      (microsoft.public.dotnet.languages.csharp)
    • call for testers: getifaddrs(3) patch for pppd(8), bin/9379
      ... struct sockaddr_dl *hwaddr; ... struct ifreq ifs; ... Scan through looking for an interface with an Internet ... u_int32_t mask, nmask, ina; ...
      (freebsd-current)