Setting up NAT on a ZXTM appliance

The new release of ZXTM includes a battery of networking improvements. Among other things, the administration interface now lets you control how internal traffic is routed onto external networks. I'll briefly explain what you need to consider when setting this up.

First, you need to figure out why you want to perform Network Address Translation (NAT). The most common reason is that your backend nodes need to access some external service, e.g. NTP or DNS, which is not directly routable. See the diagram below for an illustration.
The next thing to identify is which interfaces are the external interfaces that could be used to send traffic to this external service. These interfaces should then be set, via the admin interface's Networking page, to perform NAT. For a simple setup as above this should be sufficient; however, there are a couple of things which may disrupt this process.

The first problem you may encounter is a conflict with the management port functionality. If the management port is on the network you wish to route traffic to, then you will have to disable the management port. The management port exists to ensure security: it makes the admin interface available only via the management network, and it stops any traffic being forwarded onto the management network. However, if you wish traffic to be forwarded onto this network, you do not need the same strong guarantee of segregation. If you still want to restrict access to machines on the management network, you may do this by configuring the Restricting Access section on the Security page. The following is an example of this scenario.
Let's assume that we have three networks: 192.168.0.0/16, our management network; 10.100.0.0/16, our backend network; and 168.1.0.0/16, our frontend network. We wish to access a DNS server on the 192.168.0.0/16 network. To do this we first restrict access via the Security page to addresses on the management network.
The next step is to disable the management port on the Networking page, and finally we set eth0 to perform NAT. Once you have done this, your backend nodes should be able to contact the DNS server on your management network.

Another problem you may encounter is if you have multiple interfaces on the same network on which there is a service you wish your backend nodes to access. In this case it is necessary to set all the interfaces to perform NAT, as traffic may be routed out of either interface. As an extension to this, NAT will not work if you have more than one interface on the same network where one interface is the management network. Again, as per the above example, you will need to disable the management port.

For further information please consult section 16.1.5 in the User Manual, which covers the topic of Configuring Network Address Translation (NAT).
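
The two rules above (NAT on every interface attached to the service's network, and no management port on that network) can be checked before touching the admin interface. The following planning helper is an added example, not ZXTM code: the function name, the interface addresses, the names eth1 and eth2 and the DNS server address are constructed for illustration, and it only considers services on a directly attached network.

```python
import ipaddress

def plan_nat(interfaces, service_ip, management_if=None):
    """Work out the NAT settings needed to reach one external service.

    interfaces    -- dict: interface name -> address in CIDR form
    service_ip    -- address of the service the backend nodes must reach
    management_if -- interface currently acting as the management port, if any
    Returns (interfaces_to_nat, must_disable_management_port).
    """
    service = ipaddress.ip_address(service_ip)
    # Traffic may leave through any interface attached to the service's
    # network, so every one of them has to be set to perform NAT.
    nat_ifs = sorted(
        name for name, cidr in interfaces.items()
        if service in ipaddress.ip_interface(cidr).network
    )
    # The management port blocks forwarding onto its own network, so it must
    # be disabled when that network is the one the service lives on.
    return nat_ifs, management_if in nat_ifs

# Constructed addresses on the three networks from the example above.
EXAMPLE = {
    "eth0": "192.168.1.10/16",   # management network
    "eth1": "10.100.0.1/16",     # backend network
    "eth2": "168.1.0.1/16",      # frontend network
}

if __name__ == "__main__":
    nat_ifs, disable_mgmt = plan_nat(EXAMPLE, "192.168.0.53", management_if="eth0")
    print("set NAT on:", ", ".join(nat_ifs))
    print("disable management port:", disable_mgmt)
```

An empty interface list means the service is not on any attached network, so the external interface has to be chosen from the routing configuration instead.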
Dec
[Zeus Dev Team] 25 September 2006





