Table of Contents
Advertisement
Configuring Anti-Spoofing
If anti-spoofing is configured (that is, the entries for Valid Addresses on each
interface are set to something other than Any), modify the anti-spoofing
configuration to account for address translation. Otherwise, you will see:
n
n
Note
It is a good idea to have your spoof track set to log on all your interfaces,
even if you currently do not use the anti-spoofing configuration. This aids
in debugging, particularly if you configure it.
Before NAT was set up, the anti-spoofing was set up as shown in Table 8.
Table 8 Configuring Anti-Spoofing
Interface
eth0
eth1
However, this set up is not sufficient when using NAT to devices on your
internal network. Include those legal IP addresses that are statically translated
to your internal network. In this case, it means adding 204.32.38.10 to the
valid addresses setting for the internal interface. Create a group to do this. In
this case, it is called eth1-valid. Put the following objects into the group:
n
n
Nokia IP71 User Guide
Traffic accepted by the firewall to the translated IP address, but the traffic
never makes it to its intended destination.
Drops or rejects on rule 0 in the logs.
IP Address
204.32.38.1
192.168.1.1
Internal_Network
WWW_Server_External
Configuring Using the GUI
Valid Address Setting
Others
This Net
83
Advertisement
Table of Contents
