Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 NAT tables
Advanced Technical Reference Guide 4.1 • June 2000 151
fw_route table
Information about this table will be available in the next update to this document.
NAT tables
Address Translation Connection tables
The fwx_forw and fwx_backw tables serve as a connection table for address translated connections for outgoing
(forw) and incoming (backw) connections. Each entry holds both the original connection and the translated
connection.
fwx_forw table
Example
attributes: expires 2147483647, limit 25000, refresh, keep, free function
4276388946 0
<c0a83005, 00000467, c7cb477a, 0000008b, 00000006; c7cb477d, 900027d5,
c7cb477a, 0000008b, 00000000; 3184/3600>
The fwx_forw table uses the following format:
<original source IP address, original source port, original destination IP address, original destination port, IP
protocol; translated source IP address, translated source port (highest byte is used for flags), translated
destination IP address, translated destination port (highest byte is used for flags), TCP sequence structure; time
left/total time>
The second destination IP address field listed is the destination of the client. The TCP sequence structure is
recorded in case the TCP sequence needs to be changed.
The flags associated with the “source port and flags” and “destination port and flags” fields are:
Flag value    Description
0x10          Established connection
0x20          FIN has been received (2 will also appear in the flags area of the destination port)
0x40          Destination static
0x80          Hide mode
0x08          Reverse UDP (in which case the port will be 0)
fwx_backw table
Example
attributes: keep, limit 25000
<c7cb477a, 0000008b, c7cb477d, 000027d5, 00000006; c7cb477a, 0000008b,
c0a83005, 90000467, 00000000>
The fwx_backw table uses the same format as fwx_forw, but the entries represent the backward connections.
Format:
<source IP address, source port, destination IP address, destination port, IP protocol; source IP address, source
port and flags, destination IP address, destination port and flags, TCP sequence structure>
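The following decoder for fwx_forw and fwx_backw entries is an added example, not part of the original guide or of any Check Point tool. It applies the field order and flag values given above to the two example entries; the names parse_entry, _ip and _port_flags are hypothetical, and it assumes the port number occupies the low 16 bits of each "port and flags" word.

```python
import ipaddress

# Flag bits from the table above; they sit in the highest byte of the port fields.
FLAGS = {0x10: "established", 0x20: "fin_received", 0x40: "destination_static",
         0x80: "hide_mode", 0x08: "reverse_udp"}

def _ip(word):
    return str(ipaddress.IPv4Address(int(word, 16)))

def _port_flags(word):
    """Split a 32-bit 'port and flags' word into (port, [flag names])."""
    value = int(word, 16)
    bits = value >> 24
    names = [name for bit, name in sorted(FLAGS.items()) if bits & bit]
    unknown = bits & ~sum(FLAGS)          # bits the flag table does not list
    if unknown:
        names.append(f"unknown_0x{unknown:02x}")
    return value & 0xFFFF, names          # assumption: port is the low 16 bits

def parse_entry(text):
    """Parse one <...> entry from fwx_forw or fwx_backw into a dict."""
    parts = [p.strip() for p in " ".join(text.split()).strip("<> ").split(";")]
    if len(parts) not in (2, 3):
        raise ValueError("expected 'original; translated[; time left/total]'")
    orig = [w.strip() for w in parts[0].split(",")]
    xlat = [w.strip() for w in parts[1].split(",")]
    if len(orig) != 5 or len(xlat) != 5:
        raise ValueError("expected five fields on each side of the ';'")
    sport, sflags = _port_flags(xlat[1])
    dport, dflags = _port_flags(xlat[3])
    entry = {
        "orig": (_ip(orig[0]), int(orig[1], 16), _ip(orig[2]), int(orig[3], 16)),
        "proto": int(orig[4], 16),
        "xlat": (_ip(xlat[0]), sport, _ip(xlat[2]), dport),
        "src_flags": sflags, "dst_flags": dflags,
        "tcp_seq": int(xlat[4], 16),
    }
    if len(parts) == 3:                   # fwx_forw entries end with time left/total time
        entry["time_left"], entry["time_total"] = map(int, parts[2].split("/"))
    return entry

# The two example entries printed in this appendix.
FORW = """<c0a83005, 00000467, c7cb477a, 0000008b, 00000006; c7cb477d, 900027d5,
c7cb477a, 0000008b, 00000000; 3184/3600>"""
BACKW = """<c7cb477a, 0000008b, c7cb477d, 000027d5, 00000006; c7cb477a, 0000008b,
c0a83005, 90000467, 00000000>"""

if __name__ == "__main__":
    print(parse_entry(FORW), parse_entry(BACKW), sep="\n")
```

Decoded this way, the forward entry shows an established hide-mode translation of the source, and the backward entry carries the same two flags on its destination port.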