From the Interfaces tab you designate interfaces as either inside or outside, with respect to how they will be used within
NAT and firewall rules. Interfaces designated as Inside are private and interfaces designated as Outside are public.
Be sure to designate at least one interface as Outside and one interface as Inside before trying to reference those interfaces
within a NAT or firewall rule. When network mode changes or interface name changes occur, this table must be updated to
ensure the proper interface is designated as Inside or Outside. Also ensure that IP addresses are correctly resolved in the
tables at the bottom of the screen. If IP addresses are not correct, move them from the included list to the available list and
back again to refresh the data within the table.
To move an interface:
1. From the sidebar, click Firewall and NAT, then click the Interfaces tab.
2. Under the Outside i/f (Public) or the Inside i/f (Private) heading, click an interface you want to move from the
Available field, then click the Right Arrow to move it to the Include field.
3. Click the Left Arrow to move the interface back to the Available field, if desired.
4. Repeat as desired for each interface under either the Outside or Inside headings.
5. Click Apply.
To create IP aliases for 1-to-1 NAT:
1. From the appliance's Linux shell, type cd, then type /usr/bin/fwnat directory.
2. The fwnat-alias.sh script can be used to create IP aliases on the eth0/eth1/bond0/<bridge group> interfaces.
NOTE: Created IP aliases will appear on the Interfaces tab within the firewall.
Syntax for the script is:
./fwnat-alias [-h] -c <add|del|mod> -i <eth0 | eth1> -n <ifname> -a <cidr formated IP> [-b <broadcast address>] [-m <cidr formated IP>[*<broadcast address>]]
For example:
./fwnat-alias.sh -c add -i eth0 -n drac7 -a 192.168.200.195/24 -b 192.168.200.255
COMMAND   DESCRIPTION
-h        Displays the command syntax
-c        Command to add, delete or modify an IP alias interface
-i        Alias for eth0 | eth1 | bond0 | bridge group
-n        Name of the alias up to 8 characters
-a        IP address in CIDR format
-b        Broadcast address
-m        Modified IP address in CIDR format with an '*' preceding the modified broadcast address
Table 6.3 Script Syntax Commands Descriptions
6.5.2 Defined networks
A network definition denotes a range of IPs through the CIDR formatted IP address. The subnet address/ID is the
appropriate value for the IP address field combined with the subnet mask in prefix notation.
Defining a network and associating it with an interface is an efficient way of using a single NAT or firewall rule to apply to
any and all host IPs residing within an IP range.
NOTE: Creation of network definitions is useful for grouping hosts within a range of IPs but is not required for all
types of NAT and firewall rules.
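The following shell functions are an added example, not part of this guide or of the appliance's fwnat-alias.sh script. They check values intended for the -n, -a and -b options described above (name length, CIDR syntax, broadcast address matching the prefix) and print the subnet address in prefix notation, which is the value a network definition takes, so a rule built on it covers only the intended range. The function names are hypothetical, and treating a broadcast address that differs from the one derived from the prefix as an error is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks for fwnat-alias.sh arguments.
# Function names are hypothetical; nothing here calls the appliance script.

# Dotted-quad IPv4 -> 32-bit integer on stdout; non-zero status if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # reject leading zeros (octal)
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4 on stdout.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# "IP/prefix" -> "<subnet address> <broadcast address>" on stdout.
cidr_bounds() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    addr=$(ip_to_int "$ip") || return 1
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    net=$(( addr & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast")"
}

# check_alias <name> <cidr> [broadcast]: validate values meant for -n, -a, -b.
check_alias() {
    [ -n "$1" ] && [ ${#1} -le 8 ] || { echo "alias name must be 1-8 characters"; return 1; }
    bounds=$(cidr_bounds "$2") || { echo "invalid CIDR address: $2"; return 1; }
    want=${bounds#* }
    if [ -n "$3" ] && [ "$3" != "$want" ]; then
        echo "broadcast $3 does not match $2 (expected $want)"; return 1
    fi
    echo "ok network=${bounds% *}/${2#*/} broadcast=$want"
}

# Values taken from the guide's own example command.
check_alias drac7 192.168.200.195/24 192.168.200.255
```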
Vertiv | Avocent® Universal Management Gateway Appliance Installer/User Guide | 74