3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

PPTP: 86,400 seconds
TCP: 86,400 seconds
TCP FIN, RST or SYN connection: 60 seconds
UDP: 300 seconds
ICMP: 60 seconds
The default ALG aging time depends on the specific application. To effectively
prevent attacks, you can set the aging time of the first packet to five seconds.
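The following added example is not from the 3Com guide or the module's software. It is a simplified Python model of session aging that shows why a five-second first-packet timer bounds the table space held by flows that never receive a reply. The addresses and workload are constructed, and the model assumes that without a first-packet timer an unanswered entry lives for the full protocol aging time.

```python
# Aging times in seconds, copied from the defaults listed above.
AGING = {"pptp": 86400, "tcp": 86400, "tcp-fin-rst-syn": 60, "udp": 300, "icmp": 60}


class NatSessionTable:
    """Simplified model of NAT session aging (an assumption, not the module's code)."""

    def __init__(self, first_packet_aging=None):
        # None models "no separate first-packet timer": an unanswered entry
        # then lives for the full protocol aging time (assumption).
        self.first_packet_aging = first_packet_aging
        self.entries = {}  # flow tuple -> [protocol, confirmed, expires_at]

    def expire(self, now):
        self.entries = {f: e for f, e in self.entries.items() if e[2] > now}

    def outbound(self, flow, proto, now):
        entry = self.entries.get(flow)
        confirmed = bool(entry and entry[1])
        fresh = not confirmed and self.first_packet_aging is not None
        ttl = self.first_packet_aging if fresh else AGING[proto]
        self.entries[flow] = [proto, confirmed, now + ttl]

    def reply(self, flow, now):
        self.expire(now)
        entry = self.entries.get(flow)
        if entry is None:
            return False  # mapping already aged out, reply cannot be translated
        entry[1], entry[2] = True, now + AGING[entry[0]]
        return True


def peak_entries(first_packet_aging, rate=100, seconds=120):
    """Constructed workload: one answered UDP flow plus `rate` unanswered flows per second."""
    table = NatSessionTable(first_packet_aging)
    good = ("10.0.0.5", 5000, "198.51.100.7", 53)
    table.outbound(good, "udp", 0)
    table.reply(good, 1)
    peak = 0
    for t in range(seconds):
        table.expire(t)
        for i in range(rate):
            table.outbound(("10.0.0.9", t * rate + i, "203.0.113.1", 9), "udp", t)
        peak = max(peak, len(table.entries))
    return peak, good in table.entries


if __name__ == "__main__":
    print("5 s first-packet aging:", peak_entries(5))
    print("no first-packet timer: ", peak_entries(None))
```

The trade-off is visible in `reply()`: a reply that arrives after the first-packet timer has expired finds no mapping, so the value should stay above the round-trip time of legitimate traffic.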
Displaying and Debugging NAT
After completing the above configuration, execute the display command in any
view to display the running state of the NAT configuration and to verify the
effect of the configuration.
Execute the reset command in user view to clear the NAT running information.
Execute the debugging command in user view to debug NAT.
NAT Configuration Example
Network requirements
As shown in Figure 15, an enterprise is connected to the WAN through the address
translation function of the module. The enterprise must be able to access the
Internet through the module and provide WWW, FTP, and SMTP services to the
outside. The address of the internal FTP server is 10.0.1.2/24. The address of the
internal WWW server is 10.0.1.1/24. The address of the internal SMTP server is
10.0.1.3/24. The servers are expected to present a uniform server IP address to the
outside. The internal network segment 10.0.0.0/24 may access the Internet, but PCs
on other segments cannot. External PCs may access the internal servers. The
enterprise has six legal IP addresses, from 202.38.160.100 to 202.38.160.105.
Choose 202.38.160.100 as the external IP address of the enterprise.
Table 83 Display and debug NAT

Operation                       Command
Check NAT status                display nat { address-group | aging-time | all | outbound | server | statistics | session [ source { global global-addr | source inside inside-addr } ] }
Enable the debugging of NAT     debugging nat { alg | event | packet [ interface interface-type interface-number ] }
Disable the debugging of NAT    undo debugging nat { alg | event | packet [ interface interface-type interface-number ] }
Clear NAT mapping table         reset nat { log-entry | session slot slot-number }