
List:       sidewinder
Subject:    RE: [Sidewinder] NAT to secondary IP addresses
From:       sidewinder-admin () adeptech ! com
Date:       2002-08-22 20:27:55

I do not believe that is possible.  If you had load balancers in front or
firewalls, this would be trivial.  Have you considered using a NAT pool on
an external router or performing SNAT on an external load balancer?  This
would greatly simplify your configuration.

Another idea, add a post-clone rule on all your secondaries to modify the
primary copy of the ACL.  Something like this:

secondary_clone_cmd("cat /var/log/syncd/acl.dump | sed -e 's/nataddr=ipaddr:primary-ip/nataddr=ipaddr:secondary-ip/' > /var/log/syncd/acl.dump2")
secondary_clone_cmd("/usr/sbin/cf acl purge table='*'")
secondary_clone_cmd("/usr/sbin/cf -F -f /var/log/syncd/acl.dump2")
secondary_clone_cmd("/usr/sbin/cf ipfilter purge all")
secondary_clone_cmd("/usr/sbin/cf -C -f /var/log/syncd/ipfilter.dump")

Note that you would replace primary-ip and secondary-ip with the appropriate
IP addresses.  I can't test this...

Randy Blahut
randall.blahut@langley.af.mil

-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Thursday, August 22, 2002 4:03 PM
To: sidewinder-admin@adeptech.com; sidewinder@adeptech.com
Subject: [Sidewinder] NAT to secondary IP addresses


I have three Sidewinders that I'd like to clone and configure one-to-many
management on but their rulesets are not identical.  The problem is each one
has a secondary IP address on the external interface that is used to NAT all
outbound web traffic.  Since the IP being used for NAT is a secondary, I
can't use the option "nataddr=host:localhost" as that will use the primary
interface.   Instead I have to use "nataddr=ipaddr:<secondary IP here>".
Since each Sidewinder has a different secondary IP address, each one needs a
unique ruleset to use its secondary.  Is there a way to do an
"add acl table=host:localhost ipaddrs=127.x.x.x" that will resolve to the
secondary IP addresses of each Sidewinder?
 
Jeff Phillips, 1Lt, USAF
Scott AFB, IL 62225
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
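
Added example, not part of the original thread and not Sidewinder's own tooling: a guarded form of the nataddr rewrite from the reply above, which fails instead of producing acl.dump2 silently unchanged, so a purge-and-reload is never run against a file that was not actually rewritten. The function name rewrite_nat_addr, the 192.0.2.x addresses and the sample dump lines are assumptions constructed for illustration; only the nataddr= tokens come from the messages.

```sh
#!/bin/sh
# rewrite_nat_addr PRIMARY SECONDARY INFILE OUTFILE   (hypothetical helper)
# Returns 0 only if at least one rule was rewritten and no rule still
# references PRIMARY. Reload the ACL only when this succeeds.
rewrite_nat_addr() {
    primary=$1 secondary=$2 in=$3 out=$4
    # Escape dots so they match literally instead of "any character".
    esc=$(printf '%s' "$primary" | sed 's/\./\\./g')
    pat="nataddr=ipaddr:$esc"
    new="nataddr=ipaddr:$secondary"
    # Match the address only when followed by a non-address character or
    # end of line, so 192.0.2.10 does not rewrite part of 192.0.2.100.
    sed -e "s/$pat\([^0-9.]\)/$new\1/g" -e "s/$pat\$/$new/" "$in" > "$out" || return 1
    # Nothing changed: no rule referenced PRIMARY, so the input is suspect.
    if cmp -s "$in" "$out"; then
        echo "no rule uses nataddr=ipaddr:$primary; refusing" >&2
        return 2
    fi
    # Sanity check: no rule may still NAT to the primary address.
    if grep -q -e "$pat\([^0-9.]\)" -e "$pat\$" "$out"; then
        echo "nataddr=ipaddr:$primary still present in $out" >&2
        return 3
    fi
    return 0
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample lines, not real cf output.
    cat > "$dir/acl.dump" <<'EOF'
add acl name=web_out nataddr=ipaddr:192.0.2.10 action=allow
add acl name=partner nataddr=ipaddr:192.0.2.100 action=allow
add acl name=mgmt nataddr=host:localhost action=allow
EOF
    rewrite_nat_addr 192.0.2.10 192.0.2.20 "$dir/acl.dump" "$dir/acl.dump2" &&
        cat "$dir/acl.dump2"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```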