
RE: [FW1] local.arp changes still not picked up



I've had this same problem with almost every static nat config.

The IOS command for the arp cache on a Cisco box is: clear arp
To view the arp table: sh arp

Some configs include putting static routes on the exterior router to go
to the firewall for statically translated IPs, but if the router and the
external interface of the firewall are connected to the same net, then
everything should work with just the arps.

Hope this helps!
Chuck.

-----Original Message-----
From: Rick Camp [mailto:[email protected]]
Sent: Thursday, September 07, 2000 10:05 AM
To: 'Bill McCabe'; [email protected]
Subject: RE: [FW1] local.arp changes still not picked up



Bill,

I ran into this problem about a year ago with an NT 4.0 firewall.  I am
not sure as to the cause, but I did find a workaround.

We were using a Cisco 2524 router and by clearing the arp tables, it
would then pick up the new information from the local.arp file.  I
believe the commands are show arp to look at the table and clear arp to
clear it out and you must be in enable mode on a Cisco router to clear
the arp table.  Maybe someone with more router experience can confirm if
I am remembering the correct commands.

If you can't telnet into your router you could try powering it off and
back on, but I don't know if that will solve the problem, and I don't
know if you are in a situation where you can down your router.

I hope this helps.

Rick

_______________________________________
Rick Camp
Welsh Consulting 
31 Milk Street, Suite 805 
Boston, MA 02109
[email protected] 
www.welsh.com


-----Original Message-----
From: Bill McCabe [mailto:[email protected]]
Sent: Wednesday, September 06, 2000 10:54 PM
To: [email protected]
Subject: [FW1] local.arp changes still not picked up



Sadly, the new proxy ARP entries still didn't take after a fwstop/start,
and even a reboot. The old one still works fine. The network objects and
rules are patterned identically to the working one, which was set up
according to the instructions in the Phoneboy FAQ. I clearly must be
missing something, unless it has to do with the limitations of Windows
NT 4.0 Workstation, or the fact that the internal NIC is Token Ring. Any
suggestions or leads would be greatly appreciated.

Bill


At 1:16 PM -0400 9/6/00, Bill McCabe wrote:
>Thanks for all the replies. I will bounce the firewall when I get the
>green light from above. I couldn't remember whether I had restarted the
>FW service last June when I added the prior static mapping. Since the
>Phoneboy FAQ says:
>
>
>>In Windows NT, the 'arp' command will not function in this manner.
>>Version 2.1c and later of FireWall-1 will do the proxy arps for you.
>>You must create a file called %SystemRoot%\fw\state\local.arp (case
>>matters!), which is formatted as follows:
>>
>>translated_ip_address    mac_address
>>
>>In the example above, this file would contain:
>>
>>206.99.98.50    08-00-20-76-ea-77
>>
>>Once you've set this file up, you will need to re-install the current
>>rulebase.
>
>
>I was hesitant to restart it for no reason. I naturally assumed I had
>made an error somewhere.
>
>
>Bill
>
>
>
>
>===========================================================================
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>===========================================================================
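
Added example (not part of the original thread, and not Check Point or Cisco code): a check for the symptom discussed above. It compares the entries in local.arp against the router's ARP table as printed by `sh arp`, and reports each translated address as ok, stale (router holds a different MAC), or missing. The function names are hypothetical, the router output is assumed to use `Internet <ip> <age> <mac> <type> <interface>` rows, and all sample data is constructed apart from the FAQ's own example line.

```python
import ipaddress
import re

def norm_mac(mac):
    """Reduce 08-00-20-76-ea-77 or 0800.2076.ea77 to 12 lowercase hex digits."""
    digits = re.sub(r"[-.:]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac}")
    return digits

def parse_local_arp(text):
    """Parse 'translated_ip_address mac_address' lines into {ip: mac}."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields")
        # IPv4Address raises ValueError on a malformed address
        table[str(ipaddress.IPv4Address(fields[0]))] = norm_mac(fields[1])
    return table

def parse_router_arp(text):
    """Parse router ARP rows (assumed layout: Internet ip age mac type interface)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "Internet" and fields[3] != "Incomplete":
            table[fields[1]] = norm_mac(fields[3])
    return table

def compare(local_arp, router_arp):
    """Return {ip: 'ok' | 'stale' | 'missing'} for every address in local.arp."""
    status = {}
    for ip, mac in local_arp.items():
        seen = router_arp.get(ip)
        status[ip] = "missing" if seen is None else ("ok" if seen == mac else "stale")
    return status

# Constructed sample data; only the first local.arp line comes from the FAQ quoted above.
LOCAL_ARP = "206.99.98.50 08-00-20-76-ea-77\n206.99.98.51 08-00-20-76-ea-77\n206.99.98.52 08-00-20-76-ea-77\n"
ROUTER_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  206.99.98.50            12  0800.2076.ea77  ARPA   Ethernet0
Internet  206.99.98.51           140  00a0.c911.2233  ARPA   Ethernet0
"""

if __name__ == "__main__":
    for ip, state in compare(parse_local_arp(LOCAL_ARP), parse_router_arp(ROUTER_ARP)).items():
        print(ip, state)
```

A "missing" result only means the router has not resolved that address yet; a "stale" result is the case where clearing the router's ARP cache, as suggested in the replies, would force it to re-learn the entry.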




