FAQ0171: How can static NAT be implemented for SBFC?

The implementation is quite similar to implementing static NAT on an ordinary Solaris/NT system.

1) Create the same rules as for ordinary static NAT, and the security policy.

Assume that the valid_mailsrvr has the IP address 204.32.38.10 and the mailsrvr has the IP address 192.168.11.10.

 

2) The ONICs of the SBFC installation carry these additional valid IP addresses, so you need to add them to the ONIC configuration. Run sbfcconfig in the /opt/fullcluster/bin directory and set up the node. Configure the interfaces and choose the ONIC configuration. Define the following settings in this configuration:

Multicast IP or MAC address: 05:1c:aa:bb:cc:dd

Unicast IP address: 204.32.38.2 204.32.38.10

where 204.32.38.2 is the default gateway and 204.32.38.10 is the published static NAT address for static destination mode.

 

3) An ARP entry has to be defined on the system. You can define it in a file called S99AddARP in the /etc/rc2.d directory.

arp -s 204.32.38.10 05:1c:aa:bb:cc:dd pub

These are the published static NAT address and the multicast MAC address of the virtual default gateway you defined in the node configuration.

 

4) Add a route so that the traffic is routed through the firewall, for example:

route add 204.32.38.10 192.168.11.10

Of course, this works only if both networks are directly connected to the firewall. If they are not, use the IP address of the router that knows the next hop.

 

5) Finally, add the static NAT definition to the filter.conf file in the /opt/fullcluster/etc directory of each node, for example:

static-nat-ip=204.32.38.10
static-nat-ip=192.168.11.10
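
Steps 3 to 5 can be combined into one boot script, shown here as an added example that is not part of the original FAQ or of the SBFC product: it checks the addresses, the multicast bit of the MAC and the filter.conf entries before it publishes the ARP entry and adds the route. The function names, the stop branch and the reliance on POSIX awk and grep are assumptions; the addresses and paths are the ones used on this page.

```sh
#!/bin/sh
# /etc/rc2.d/S99AddARP (added example; values below are the ones on this page)
PUB_IP=204.32.38.10        # published static NAT address (valid_mailsrvr)
INT_IP=192.168.11.10       # real address of mailsrvr
VMAC=05:1c:aa:bb:cc:dd     # multicast MAC from the ONIC configuration
FILTER_CONF=/opt/fullcluster/etc/filter.conf

# True only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# True only for a six-octet MAC whose first octet has the group (multicast)
# bit set, i.e. whose second hex digit is odd.
is_multicast_mac() {
    echo "$1" | grep -Ei '^[0-9a-f][13579bdf](:[0-9a-f]{2}){5}$' >/dev/null
}

# True if file $2 contains the exact line static-nat-ip=$1.
nat_ip_listed() {
    grep -Fx "static-nat-ip=$1" "$2" >/dev/null 2>&1
}

# preflight PUB_IP INT_IP MAC FILTER_CONF: refuse to publish anything that
# is malformed or that the cluster filter does not list.
preflight() {
    valid_ipv4 "$1" || { echo "bad published IP: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad internal IP: $2" >&2; return 1; }
    is_multicast_mac "$3" || { echo "not a multicast MAC: $3" >&2; return 1; }
    for ip in "$1" "$2"; do
        nat_ip_listed "$ip" "$4" ||
            { echo "$ip missing from $4" >&2; return 1; }
    done
    return 0
}

case "${1:-}" in
start)
    preflight "$PUB_IP" "$INT_IP" "$VMAC" "$FILTER_CONF" || exit 1
    arp -s "$PUB_IP" "$VMAC" pub     # step 3: published ARP entry
    route add "$PUB_IP" "$INT_IP"    # step 4: route towards mailsrvr
    ;;
stop)
    arp -d "$PUB_IP"
    route delete "$PUB_IP" "$INT_IP"
    ;;
esac
```

Because the preflight runs before `arp -s`, a mistyped address or a node whose filter.conf was not updated fails at boot with a message instead of silently publishing an ARP entry the filter will not serve.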