
[nn] Allowing ping to a DIP

To: nn@qorbit.net
Subject: [nn] Allowing ping to a DIP
From: Jason Parsons <jparsons-nn@saffron.net>
Date: Sun, 11 Mar 2007 19:45:08 -0400
We have a DIP set up as such:

  set interface "ethernet1/2" zone "Untrust"

  set interface ethernet1/2 ip x.x.x.1/24
  set interface ethernet1/2 route
  set interface ethernet1/2 manage ping

  set interface ethernet1/2 dip 18 x.x.x.3 x.x.x.3

We then have a policy allowing traffic outbound via this DIP:

  set policy id 30 from "Production" to "Untrust"  "10.0.0.0/24" "Any" "HTTP" nat src dip-id 18 permit
  set policy id 30
  exit

This works perfectly for outbound traffic.  However, for troubleshooting
purposes, we would like the outside world to be able to ping the DIP (i.e.,
x.x.x.3).  Is there any easy (or hard) way to do this?  Turning on 'manage
ping' for the "parent" interface seems to have no impact on the DIPs.

Thank you. 
 - Jason Parsons

