Need help with Contivity 600 NAT configuration

[Jax777]

Hello,

I have a Contivity 600 that I would like to be able to NAT local LAN traffic out onto the internet with just like our Contivity 100 does by default. Unfortunately I'm not very knowledgable on how to get this accomplished and the documentation available from Nortel doesn't seem to be very helpful. They go so far as to say that the C600 is capable of doing exactly what I want it to do, but then never explain how to configure to do so.

I was hoping that someone would be able to tell me exactly what needs to be setup to get this done assuming the box had the default settings to begin with.

I am running version V05_00.136 of the software. I do not have a service aggreement with Nortel and therefore am not eligible to download any newer versions of the software. I also don't have any license keys that would let me activate things like OSPF and the stateful firewall so I'm hoping that what I want to do can be accomplished without these things, but if it cannot I'd like to know.

Any help would be greatly appreciated.

Thank you.

 

[biv343]

Log into the Contivity. Go under Services, Firewall/NAT. Start the firewall/NAT manager application. Create a new NAT rule.

For basic NAT translation (multiple PC's browsing outbound), build your rule like this:

Source - any
Destination - any
Service - any
NAT Action - Port Mapping
Translated Source - Public Interface
Translated Destination - Any

Save it, apply the NAT rule you just built under the Services, Firewall/NAT page, and you should be set.

This isn't as fancy as you can make things, but this is essentially all the Contivity 100 ever did.

 

[Jax777]

Thank you biv343 for your response.

Unfortunately for me I have tried the setup as you explained and I still cannot ping out onto the internet from an inside machine. Nor can I browse the internet.

I have setup everything correctly on the inside machine such as DNS, gateway and whatnot, I'm pretty certain the fault lies on the Contivity 600 but I don't know where to begin looking.

Is it possible that the c600 is blocking the NAT traffic?

One thing to note is that this c600 has a VPN tunnel setup between it and another c600. Is it possible that this is interfering somehow?

 

[VPNSteve]

I see you do not have the firewall key. For a Contivity 600 to pass traffic, you must either use the Stateful firewall (which you cannot) or use the interface filters (which you can). You need to go to Services->Firewall/Nat and enable the interface filters. When you do this you'll have to reboot. You want to set the policy on the interfaces (under System->Lan) to Permit All if you don't want to do any filtering. Keep in mind that your only protection at that point will be that you are doing port forwarding NAT (if you set things up as biv343 described). Port forwarding NAT only allows connections to your computer that YOU initiate.

So, to recap: enable interface filters, set the interface filters to permit all.

The tunnel you set up to the other 600 will not interfere in any way. One other thing - make sure you've got a public default route set in Routing->Static Routes