[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] local.arp changes still not picked up
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 <xlatedIP> <press tab> <ExtMacofFirewall> as I remember. eric. On Thu, 07 September 2000, Jim Brown wrote: > > > I think the documentation is wrong. If I am not mistaken it is > actually IP then MAC. > > -----Original Message----- > From: Jason Witty [mailto:[email protected]] > Sent: Thursday, September 07, 2000 8:24 AM > To: Rick Camp > Cc: 'Bill McCabe'; [email protected] > Subject: Re: [FW1] local.arp changes still not picked up > > > > Your local.arp file is backwards. It should be in the format (I > thnk the FAQ listed it worng, as I just got this out of the CP > books): > > <MAC ADDR> <IP ADDR> > > Not the other way around. Change it, reboot, you should be cool. > > Jason > > > Rick Camp wrote: > > > > Bill, > > > > I ran into this problem about a year ago with an NT 4.0 firewall. > > I am > not > > sure as to the cause, but I did find a work around. > > > > We were using a Cisco 2524 router and by clearing the arp tables, > > it would then pick up the new information from the local.arp > > file. I believe the commands are show arp to look at the table > > and clear arp to clear it out > and > > you must be in enable mode on a Cisco router to clear the arp > > table. > Maybe > > someone with more router experience can confirm if I am > > remembering the correct commands. > > > > If you can't telnet into your router you could try powering it > > off and > back > > on, but I don't know if that will solve the problem, and I don't > > know if > you > > are in a situation where you can down your router. > > > > I hope this helps. > > > > Rick > > > > _______________________________________ > > Rick Camp > > Welsh Consulting > > 31 Milk Street, Suite 805 > > Boston, MA 02109 > >Tel > >Fax > > [email protected] > > www.welsh.com > > > > -----Original Message----- > > From: Bill McCabe [mailto:[email protected]] > > Sent: Wednesday, September 06, 2000 10:54 PM > > To: [email protected] > > Subject: [FW1] local.arp changes still not picked up > > > > Sadly, the new proxy ARP entries still didn't take after a > > fwstop/start, and even a reboot. The old one still works fine. > > The network objects and rules are patterned identically to the > > working one, which was set up according to the instructions in > > the Phoneboy FAQ. I clearly must be missing something, unless it > > has to do with the limitations of Windows NT 4.0 Workstation, or > > the fact that the internal NIC is Token Ring. Any suggestions or > > leads would be greatly appreciated. > > > > Bill > > > > At 1:16 PM -0400 9/6/00, Bill McCabe wrote: > > >Thanks for all the replies. I will bounce the firewall when I > > >get the > green > > >light from above. I couldn't remember whether I had restarted > > >the FW service last June when I added the prior static mapping. > > >Since the > Phoneboy > > >FAQ says: > > > > > > > > >>In Windows NT, the 'arp' command will not function in this > > >>manner. > Version > > >>2.1c and later of FireWall-1 will do the proxy arps for you. > > >>You must create a file called %SystemRoot%\fw\state\local.arp > > >>(case matters!), which is formated as follows: > > >> > > >>translated_ip_address mac_address > > >> > > >>In the example above, this file would contain: > > >> > > >>206.99.98.50 08-00-20-76-ea-77 > > >> > > >>Once you've set this file up, you will need to re-install the > > >>current rulebase. > > > > > > > > >I was hesitant to restart it for no reason. I naturally assumed > > >I had > made > > >an error somewhere. > > > > > > > > >Bill > > > > > > > > > > > > > > > >=================================================================== > >======== > > ==== > > >= > > > To unsubscribe from this mailing list, please see the > > > instructions > at > > > http://www.checkpoint.com/services/mailing.html > > > >=================================================================== > >======== > > ==== > > >= > > > > > ==================================================================== > ======== > > ==== > > To unsubscribe from this mailing list, please see the > > instructions at > > http://www.checkpoint.com/services/mailing.html > > > ==================================================================== > ======== > > ==== > > > > > ==================================================================== > ======== ==== > > To unsubscribe from this mailing list, please see the > > instructions at > > http://www.checkpoint.com/services/mailing.html > > > ==================================================================== > ======== ==== > > > ==================================================================== > ======== ==== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ==================================================================== > ======== ==== > > > ==================================================================== > ============ > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBObe5PhcEgL9uyUb5EQK4WACeJwBnbExJChA+mR/m0+co4hGfyuIAoNwN LcRm2SM4WYB7kU0Suax5tCkV =ZxE9 -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|