[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Destination Net Unreachable - local interface

To: Chuck Melanson <[email protected]>
Subject: Re: [FW1] Destination Net Unreachable - local interface
From: Robert Binder <[email protected]>
Date: Tue, 5 Sep 2000 16:35:11 +0200 (Westeurop�ische Sommerzeit)
cc: "Fw-1 (E-mail)" <[email protected]>
In-Reply-To: <31043DFF762FD411A5A90080C869086E014695@EXCHANGE>
Sender: [email protected]


Hi Chuck,

whatabout the traffic from the DMZ to the internet??

Why do you use NAT from internal to DMZ??? There is no need for
it. You can check the late destination in the log files. Are there
log entries???

I think the routing should be correct, because the packets from
the internal network to the dmz are reaching their destination.

robert

On Tue, 5 Sep 2000, Chuck Melanson wrote:

> 
> Hello All,
> 
> I have a problem with a customer firewall, it says that one of the nets
> that are directly connected are "unreachable".
> 
> 	External
> 	x.x.x.x
> 
> 			DMZ - 172.16.254.x
> 
> 	Internal
> 	192.212.123.x
> 
> Traffic from DMZ to Internal works fine, but on the internal net,
> traffic to the DMZ gets a response back from the FW with destination
> unreachable.
> 
> No anti-spoofing is in place, address translation for internal to dmz is
> ANY ANY ORIGINAL, the route on the fw says anything for the 172.16.254.x
> net go to that interface of the fw.
> 
> Traffic the other way works without problem.
> 
> FW module: 4.1 Sp2 on NT
> 
> I have never seen NT spit up a destination unreachable for a connected
> network before...any ideas?
> 
> Chuck.
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 

----------------------------------------
Robert Binder
IT-Security Consultant

Integralis, Niederlassung M�nchen
Gutenbergstr. 1
D-85737 Ismaning
Tel: +49-89-94573-235
Fax: +49-89-94573-119
http://www.integralis.de/
 
A member of the Articon-Integralis Group



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Destination Net Unreachable - local interface
  - From: Chuck Melanson <[email protected]>

Prev by Date: RE: [FW1] Routing functionality
Next by Date: [FW1] Problems with securemote 4.1 SP-1
Prev by thread: [FW1] Destination Net Unreachable - local interface
Next by thread: Re: [FW1] Destination Net Unreachable - local interface
Index(es):
- Date
- Thread