Re: Routing on Netscreen 5XP


comp.security.firewalls archive

From: Ben <bjblackmore@xyz.hotmail.com>
Date: Mon Aug 01 2005 - 10:25:45 CEST

"Alan Strassberg" <paleale@bolt.sonic.net> wrote in message
news:dck3in$1gq$1@bolt.sonic.net...
>
> Pretty straightforward...(I changed the 10 'net from a /8 to a /24)
>
> set interface trust ip 192.168.0.2/24
> set interface untrust ip 10.0.0.1/24
> set route 0.0.0.0/0 interface trust gateway 192.168.0.1
> set policy id 7 from "Untrust" to "Trust" "10.0.0.10" "192.168.0.1/32" "ANY" nat src permit log
>
> This allows 10.0.0.10 to go to your gateway. This is NATed to
> the source of the 5XP (192.168.0.2) so it'll route to the gateway.
> Note there is a default ANY/ANY rule from trust to untrust.
> You may want to disable this.
>
> alan

Hi Alan,

Thanks for the reply, I will give it a try, and let you know how I get on!

Ben
Received on Thu Sep 29 20:00:03 2005