https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360829#M17485 I think my original post didn't make clear that I know where the servers need to sit in terms of subnets (inside/outside), I just didn't know if enabling the firewall caused issues for normal routing (from the T1/frame relay interface) on the public interface.<BR /><BR />Let me confirm, for example:<BR /><BR />7102dl config (frame relay, but just showing the net interfaces):<BR />eth 0/1: 192.168.0.1 (Private)<BR />eth 0/2: xxx.xxx.xxx.1 (/27 Public IP Block)<BR />secondary eth 0/2: xxx.xxx.xxx.2<BR /><BR />I know I can sit a server with ip 192.168.0.2 on the private network (gateway 192.168.0.1) and one-to-one NAT xxx.xxx.xxx.2 to 192.168.0.2. That shouldn't be a problem. <BR /><BR />The part I wasn't 100% sure on was, once the firewall is enabled, can I continue to have servers assigned with the remaining public IPs talking to eth 0/2? I'm thinking this will work fine, since that interface is still visible, I just didn't know if I'd run into problems enabling the firewall to NAT a few of those public IP's.<BR /><BR /> Thu, 19 Feb 2009 12:50:44 GMT Casey Morford 2009-02-19T12:50:44Z https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360827#M17483 <!--!*#-->We have a 7102dl for routing our /27 block of IPs.<BR /><BR />Is is possible to NAT a few of the public IPs and just route the remaining IPs? <BR /><BR />For example, a few of our servers have internal IP's only in the 10.0.0.0/8 subnet. I'd like to do a one to one NAT from public to private IPs for those servers. Some of our other servers are simply configured with the public IP. <BR /><BR />By enabling the firewall, am I committed to NATing all of our public IPs, or, from what I've read in the forums, do I simply define the IPs I want NATed as secondary IPs on the public interface, and then the remaining public IPs will be routed as normal? Tue, 17 Feb 2009 23:21:07 GMT https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360827#M17483 Casey Morford 2009-02-17T23:21:07Z https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360828#M17484 no,<BR />all public adresses lay on the "outside" network.<BR /><BR />for incomming connections the firewall only listens to configured NAT adresses.<BR />the other adresses are ignored by this firewall and can be used by another device on the outside network.<BR /><BR />for outgoing connections you may configure a NAT-pool, so multiple internal hosts can share public adresses.<BR /><BR />regards,<BR />Pieter Thu, 19 Feb 2009 09:52:28 GMT https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360828#M17484 Pieter 't Hart 2009-02-19T09:52:28Z https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360829#M17485 I think my original post didn't make clear that I know where the servers need to sit in terms of subnets (inside/outside), I just didn't know if enabling the firewall caused issues for normal routing (from the T1/frame relay interface) on the public interface.<BR /><BR />Let me confirm, for example:<BR /><BR />7102dl config (frame relay, but just showing the net interfaces):<BR />eth 0/1: 192.168.0.1 (Private)<BR />eth 0/2: xxx.xxx.xxx.1 (/27 Public IP Block)<BR />secondary eth 0/2: xxx.xxx.xxx.2<BR /><BR />I know I can sit a server with ip 192.168.0.2 on the private network (gateway 192.168.0.1) and one-to-one NAT xxx.xxx.xxx.2 to 192.168.0.2. That shouldn't be a problem. <BR /><BR />The part I wasn't 100% sure on was, once the firewall is enabled, can I continue to have servers assigned with the remaining public IPs talking to eth 0/2? I'm thinking this will work fine, since that interface is still visible, I just didn't know if I'd run into problems enabling the firewall to NAT a few of those public IP's.<BR /><BR /> Thu, 19 Feb 2009 12:50:44 GMT https://community.hpe.com/t5/switches-hubs-and-modems/7102dl-partial-nat/m-p/4360829#M17485 Casey Morford 2009-02-19T12:50:44Z