Solved

one-to-one nat

Posted on 2004-04-28
4
Medium Priority
318 Views
Last Modified: 2010-05-18
From what I understand, by default SonicWalls lock down all ports unless specified otherwise.  However, I have been told that when I enable one-to-one NAT this is not true for the public IPs I am forwarding.  Is this the case?  And if so, when I start shutting down ports, should I shut down the ports for the public IPs, or for the private IPs the public IPs are being forwarded to, or both?  Thanks.
0
Question by:srawtvl
4 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10940729
When you enable one-to-one NAT, you will also need to create a rule to allow traffic to hit those addresses.

For example, mail server public IP 20.20.20.20, private IP 192.168.0.1 -

You would enable one-to-one NAT to translate 20.20.20.20 to 192.168.0.1.
You would then create a firewall rule to allow port 25 to hit 20.20.20.20.

You do NOT need any more than this.  Everything else is implicitly denied, and traffic that is translated (as long as it's port 25) will be routed through to your private address without any additional rules.
0
 

Author Comment

by:srawtvl
ID: 10951550
This is not true.  I set up a BSD server behind the firewall and pointed a public IP to the private IP addy the BSD box is on.  I did not change any permissions on the firewall.  I am able to SSH to the BSD box from outside our network.  Can someone tell me if I should block ports to the public IP in this case, or the private, or both?  And can someone tell me what SonicWall means by "default" in their services list?  Is it the same as "any" on a Cisco router?
0
 

Author Comment

by:srawtvl
ID: 10952545
OK, so I answered my own question.  For anyone else who may need to know, here's the deal.

SonicWall explicitly allows everything.  You have to go in and remove the rules for the service "default", except for where the source is LAN.

If you are using one-to-one NAT you then have to go in and allow the services you need to the PRIVATE addresses.

And "default" means everything... how intuitive.
0
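The following is an added example, not code from the thread or from SonicWall: a small Python model of a one-to-one NAT mapping plus an ordered access-rule list, written to show the two things the author found. First, a shipped "default" (any-service) allow rule with a non-LAN source exposes every NAT-mapped host, which is why SSH to the BSD box worked with no rule changes. Second, because the firewall translates the destination before the rule lookup, an allow rule must name the PRIVATE address; one written against the public address never matches. The mail-server addresses 20.20.20.20 and 192.168.0.1 come from Tim Holman's comment; the BSD host mapping 20.20.20.21 to 192.168.0.2, the zone names, and the rule-matching order are constructed assumptions, and `default_allows_from_outside` is a hypothetical audit helper that lists exactly the rules the author says to remove.

```python
"""Toy model of one-to-one NAT plus access rules (added example, not SonicWall's
own logic).  Assumption: the destination is translated to its private address
before rules are matched, and the first matching rule wins."""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class NatMapping:
    public_ip: str
    private_ip: str


@dataclass(frozen=True)
class Rule:
    src_zone: str   # "LAN", "WAN" or ANY
    dst_ip: str     # address as seen AFTER translation (private side), or ANY
    service: str    # "default" = every service (as the thread found), or e.g. "tcp/25"
    action: str     # "allow" or "deny"


@dataclass
class Policy:
    nat: tuple      # NatMapping entries
    rules: tuple    # Rule entries, evaluated in order


def translate(policy, dst_ip):
    """One-to-one NAT: rewrite a public destination to its private address."""
    for m in policy.nat:
        if m.public_ip == dst_ip:
            return m.private_ip
    return dst_ip


def evaluate(policy, src_zone, dst_ip, service):
    """Return 'allow' or 'deny' for one packet; nothing matched means deny."""
    translated = translate(policy, dst_ip)
    for r in policy.rules:
        if r.src_zone not in (ANY, src_zone):
            continue
        if r.dst_ip not in (ANY, translated):
            continue
        if r.service not in ("default", service):
            continue
        return r.action
    return "deny"


def default_allows_from_outside(policy):
    """Audit check (hypothetical helper): every 'default' allow rule whose
    source is not LAN, i.e. the rules the thread says to remove."""
    return [r for r in policy.rules
            if r.service == "default" and r.action == "allow" and r.src_zone != "LAN"]


# Constructed mappings: the thread's mail server plus a BSD host like the author's.
NAT = (NatMapping("20.20.20.20", "192.168.0.1"),
       NatMapping("20.20.20.21", "192.168.0.2"))

# As shipped, per the author: the "default" service is allowed from anywhere.
AS_SHIPPED = Policy(NAT, (Rule(ANY, ANY, "default", "allow"),))

# Rule written against the PUBLIC address: never matches after translation.
MISWRITTEN = Policy(NAT, (Rule("WAN", "20.20.20.20", "tcp/25", "allow"),))

# Hardened: "default" only from LAN, explicit per-service allows to private IPs.
HARDENED = Policy(NAT, (
    Rule("LAN", ANY, "default", "allow"),
    Rule("WAN", "192.168.0.1", "tcp/25", "allow"),
))

if __name__ == "__main__":
    for name, pol in (("as shipped", AS_SHIPPED), ("miswritten", MISWRITTEN),
                      ("hardened", HARDENED)):
        print(f"{name:11} WAN->20.20.20.21 tcp/22 :", evaluate(pol, "WAN", "20.20.20.21", "tcp/22"))
        print(f"{name:11} WAN->20.20.20.20 tcp/25 :", evaluate(pol, "WAN", "20.20.20.20", "tcp/25"))
        print(f"{name:11} risky default allows    :", len(default_allows_from_outside(pol)))
```

Running it shows SSH to the BSD host allowed under `AS_SHIPPED` and denied under `HARDENED`, SMTP to the mail server denied under `MISWRITTEN` (the public-address rule never matches the translated destination) but allowed under `HARDENED`, and the audit helper flagging exactly one rule in the shipped policy and none in the hardened one. Real SonicOS rule semantics differ in detail; the model is only meant to make the thread's ordering point (translate, then match on the private address) concrete.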
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 10958198
..yet another firewall vendor doing things slightly different to confuse us !  :)
0
