Vertiv Avocent - Defined Networks

To Next Page

To Previous Page

From the Interfaces tab you designate interfaces as either inside or outside, with respect to how they will be used within

NATand firewall rules. Interfaces designated as Inside are private and interfaces designated as Outside are public.

Be sure to designate at least one interface as Outside and one interface as Inside before trying to reference those interfaces

within a NATor firewall rule. When network mode changes or interface name changes occur, this table must be updated to

ensure the proper interface is designated as Inside or Outside. Also ensure that IPaddresses are correctly resolved in the

tables at the bottom of the screen. If IPaddresses are not correct, move them from the included list to the available list and

back again to refresh the data within the table.

To move an interface:

1. From the sidebar, click Firewall and NAT, then click the Interfaces tab.

2. Under the Outside i/f (Public)or the Inside i/f (Private)heading, click an interface you want to move from the

Available field, then click the Right Arrow to move it to the Include field.

3. Click the Left Arrow to move the interface back to the Available field, if desired.

4. Repeat as desired for each interface under either the Outside or Inside headings.

5. Click Apply.

To create IPaliases for 1-to-1 NAT:

1. From the appliance's Linux shell, type cd, then type /usr/bin/fwnatdirectory.

2. The fwnat-alias.sh script can be used to create IPaliases on the eth0/eth1/bond0/<bridge group> interfaces.

NOTE: Created IP aliases will appear on the Interfaces tab within the firewall.

Syntax for the script is:./fwnat-alias [-h] -c <add|del|mod> -i <eth0 | eth1> -n <ifname> -a <cidr formated IP> [-b

<broadcast address>] [-m <cidr formated IP>[*<broadcast address>]]

For example:

./fwnat-alias.sh -c add -i eth0 -n drac7 -a 192.168.200.195/24 -b 192.168.200.255

COMMAND DESCRIPTION

-h Displays the command syntax

-c Command to add, delete or modify an IPalias interface

-i Alias for eth0 | eth1 | bond0 | bridge group

-n Name of the alias up to 8 characters

-a IP address in CIDR format

-b Broadcast address

-m

Modified IP address in CIDR format with an '*' preceding

the modified broadcast address

Table 6.3 Script Syntax Commands Descriptions

6.5.2 Defined networks

Anetwork definition denotes a range of IPs through the CIDR formatted IPaddress. The subnet address/IDis the

appropriate value for the IPaddress field combined with the subnet mask in prefix notation.

Defining a network and associating it with an interface is an efficient way of using a single NATor firewall rule to apply to

any and all host IPs residing within an IPrange.

NOTE: Creation of network definitions is useful for grouping hosts within a range of IPs but is not required for all

types of NATand firewall rules.

Vertiv | Avocent® Universal Management Gateway Appliance Installer/User Guide | 74

Other manuals for Vertiv Avocent