Updated 11th July 2017
Manual ARP in Firewall 1 NG
If you must use manual NAT rules on win 2000 (and later!), do the following:
c:\windows\fw1\R62\fw1\conf\local.arp file as per the format below.
2. Uncheck “Automatic Arp Configuration” in Global Properties
3. Check the setting under the Manual Nat settings in Global Properties.
4. You will need to add the static routes (see below on the firewall module for NAT.
5. Reinstall your policy.
6. Last but not least – reboot or just do a cpstop and a cpstart
local.arp should be formatted like this:
220.127.116.11 00-18-71-ec-39-59 18.104.22.168 00-18-71-ec-39-59 22.214.171.124 00-18-71-ec-39-59 126.96.36.199 00-18-71-ec-39-59
1.2.3.x are the external IP addresses you want to assign to the hosts.
00-18-71-ec-39-59 is the MAC address of your firewall external interface (the interface that is on the internet).
I’m afraid I have Windows only information here:
route -p add 188.8.131.52 mask 255.255.255.255 192.168.1.2 route -p add 184.108.40.206 mask 255.255.255.255 192.168.1.3 route -p add 220.127.116.11 mask 255.255.255.255 192.168.1.4 route -p add 18.104.22.168 mask 255.255.255.255 192.168.1.5
In the above example, the 192.168.1.x addresses are the internal hosts you want to direct traffic to.
For hairpin NAT, see the hairpin NAT howto.