transparant mode in netscreen 5gt - 未名空间MITBBS历史存档

国际科技财经博客移民网络热点娱乐民生时事公众号

Redian新闻

>未名空间

>EmergingNetworking - 热门网络技术

transparant mode in netscreen 5gt

transparant mode in netscreen 5gt# EmergingNetworking - 热门网络技术

l*y2006-06-06 07:06

1 楼

i just can't see transparant mode as an option on the gui, there are just nat
and route. trying to do it via the cli by setting the ips to be 0.0.0.0 and
setting trust interface to be in zone V1-trust, etc.

m*t2006-06-06 07:06

2 楼

what do you mean transparent mode? transport mode or tunnel mode?

nat

【在 l***y 的大作中提到】

: i just can't see transparant mode as an option on the gui, there are just nat
: and route. trying to do it via the cli by setting the ips to be 0.0.0.0 and
: setting trust interface to be in zone V1-trust, etc.

z*r2006-06-06 07:06

3 楼

还有interface mode是什么？俺对具体命令也不熟悉，厚厚

必

l*y2006-06-06 07:06

4 楼

yes, we've got the full get tech-support output and verified system is in
transparant mode. box is in trust-untrust mode, etc, etc. in utter
motification. just opened a case with juniper. i have a feeling it's some
configuration problem. =/

z*r2006-06-06 07:06

5 楼

还有interface mode是什么？俺对具体命令也不熟悉，厚厚

必

【在 z**r 的大作中提到】

: 还有interface mode是什么？俺对具体命令也不熟悉，厚厚
:
: 必

l*y2006-06-06 07:06

6 楼

okay, it is official, i'm not a he. :D

z*r2006-06-06 07:06

7 楼

why not get a document? it should be a basic issue, do you have juniper.net
account? if no, I can help to download the document, hehe

let
the
flood.
V1-
.
is
康王的仪容，但乘坐的龙辇被黄缦红绫遮挡得严严实实，百姓们其实半点也无法看见。
看来，一行车驾在急急赶路，通知也不及时，百姓们都没被郡中安排做具体的反应。
但车驾排场已经惊骇到了所有人的心，百姓们无不高呼：“我王万岁！”接着比次拜服，
连郡守带领下的小吏们都晚了百姓半分。
谁也没有想到的是，这场宏大的场面在通山公国的贵族后裔子弟姬垩的心上种上了一
句话。通山公国，据说是兽人的杂种，可渐渐却成了中大陆诸国的一部分。姬氏是国中一
姓，族中曾经出过几代名将。靖康取其地后，移民戍出，调当地大族入，这就有了姬族的
今日。
姬垩这年十六岁，正处于一个充满幻想的年代。世家的回顾让他这样的年轻人常以名
门自诩，把威镇列国的西定将军姬羽作为血脉中的因子。他这就这样站在一边看着，突然
有种博钱的

【在 l***y 的大作中提到】

: okay, it is official, i'm not a he. :D

z*r2006-06-06 07:06

8 楼

no, he means the layer2 transparent mode, basically, the firewall will
function like a bridge instead of a router.

【在 m**t 的大作中提到】

: what do you mean transparent mode? transport mode or tunnel mode?
:
: nat

l*y2006-06-06 07:06

9 楼

okay, it is official, i'm not a he. :D

B*R2006-06-06 07:06

10 楼

isn't this the way basic firewall would act like?

.
is

【在 l***y 的大作中提到】

: okay, it is official, i'm not a he. :D

l*y2006-06-06 07:06

11 楼

man, i've got the full documentaion CD. we've gone through it multiple times.
hehe

c*a2006-06-06 07:06

12 楼

good point. Read her original post again, seems that .25 can always ping .26
not vice versa, even by swapping two endpoints to different zones.
I was originally thinking of "unset interface vlan1 bypass-non-ip", but now
looks like .26 is not responding to ping anyway
also she might want to check forwarding table (arp table)

ARP

【在 m**t 的大作中提到】

: what do you mean transparent mode? transport mode or tunnel mode?
:
: nat

l*y2006-06-06 07:06

13 楼

man, i've got the full documentaion CD. we've gone through it multiple times.
hehe

z*r2006-06-06 07:06

14 楼

还有interface mode是什么？俺对具体命令也不熟悉，厚厚

必

【在 z**r 的大作中提到】

: no, he means the layer2 transparent mode, basically, the firewall will
: function like a bridge instead of a router.

z*r2006-06-06 07:06

15 楼

: man, i've got the full documentaion CD. we've gone through it multiple times.
: hehe

l*y2006-06-06 07:06

16 楼

it's frustrating. we have pc1(10.1.1.10)- untrust port ------trust port ---
pc2(10.1.1.11),
pc1 can see pc2's arp; pc2 can see pc1's arp. netscreen has both of their arp
entry. however ping is one directional. swapped the port and the ping is still
one directional, and the direction didn't reverse as we thought it would.
swapped pc1 with another pc, same problem. verified both pc aren't running
firewall. the jtac guys said we'd have to do some debug. hopefully this gets
resolved today.

z*r2006-06-06 07:06

17 楼

you have the tcpdump output from both pc's?

arp
still

【在 l***y 的大作中提到】

: it's frustrating. we have pc1(10.1.1.10)- untrust port ------trust port ---
: pc2(10.1.1.11),
: pc1 can see pc2's arp; pc2 can see pc1's arp. netscreen has both of their arp
: entry. however ping is one directional. swapped the port and the ping is still
: one directional, and the direction didn't reverse as we thought it would.
: swapped pc1 with another pc, same problem. verified both pc aren't running
: firewall. the jtac guys said we'd have to do some debug. hopefully this gets
: resolved today.

l*y2006-06-06 07:06

18 楼

okay, it is official, i'm not a he. :D

【在 c*a 的大作中提到】

: good point. Read her original post again, seems that .25 can always ping .26
: not vice versa, even by swapping two endpoints to different zones.
: I was originally thinking of "unset interface vlan1 bypass-non-ip", but now
: looks like .26 is not responding to ping anyway
: also she might want to check forwarding table (arp table)
:
: ARP

z*r2006-06-06 07:06

19 楼

no, he means the layer2 transparent mode, basically, the firewall will
function like a bridge instead of a router.

【在 m**t 的大作中提到】

: what do you mean transparent mode? transport mode or tunnel mode?
:
: nat

c*a2006-06-06 07:06

20 楼

: what do you mean transparent mode? transport mode or tunnel mode?
:
: nat