?
Solved

one-to-one nat

Posted on 2004-04-28
4
Medium Priority
?
316 Views
Last Modified: 2010-05-18
From what I understand by default sonic walls lock down all port unless specified otherwise.  However I have been told that when I enable one-to-one nat this is not true for the public IPs I am forwarding.  Is this the case?  And if so when I start shutting down ports should I shut down the ports for the publics IPs or for the private IPs the Public IPs are being forwarded to or both?  Thanks.
0
Comment
Question by:srawtvl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10940729
When you enable one-to-one NAT, you will also need to create a rule to allow traffic to hit those addresses.

For example, mail server public IP 20.20.20.20, private IP 192.168.0.1 -

You would enable one-to-one NAT to translate 20.20.20.20 to 192.168.0.1.
You would then create a firewall rule to allow port 25 to hit 20.20.20.20.

You do NOT need any more than this.  Everything else is implicitly denied, and traffic that is translated (as long as it's port 25) will be routed through to your private address without any additional rules.
0
 

Author Comment

by:srawtvl
ID: 10951550
This is not true.  I set up a bsd server behind the firewall and pointed a public IP to the private IP addy the bsd box is on.  I did not change any permissions on the firewall.  I am able to SSH to the bsd box from outside our network.  Can someone tell me if I should block ports to the public IP in this case or the private or both? and can someone tell me what sonic wall means by default in their services list?  is it the same as any on a cisco router?
0
 

Author Comment

by:srawtvl
ID: 10952545
OK so I answered my own question.  For anyone else who may need to know heres the deal.

Sonic wall explicitely allows everything.  You have to go in and remove the rules for the service "default" expect for where the source is LAN.

If you are using one-to-one nat you have to then go in and allow the services you need to the PRIVATE addresses.

And default means everything...how intuitive
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 10958198
..yet another firewall vendor doing things slightly different to confuse us !  :)
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question