|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] local.arp changes still not picked up
Thanks all for all the help. Everything is working as it should. The problem started because the initially the MAC addr had a typo. Even though that had been corrected early, on the Cisco router was retaining it in its arp table. Once that was cleared and the FW restarted, it worked fine. Thanks again Bill At 11:51 AM -0300 9/7/00, Chuck Melanson wrote: >It is <IP> <MAC>; RE: http://www.phoneboy.com/fw1/faq/0121.html > >I just set up static nat this morning, with that local.arp config. > >Chuck. >-----Original Message----- >From: Jason Witty [mailto:[email protected]] >Sent: Thursday, September 07, 2000 10:24 AM >To: Rick Camp >Cc: 'Bill McCabe'; [email protected] >Subject: Re: [FW1] local.arp changes still not picked up > > > >Your local.arp file is backwards. It should be in the format (I thnk >the FAQ listed it worng, as I just got this out of the CP books): > ><MAC ADDR> <IP ADDR> > >Not the other way around. Change it, reboot, you should be cool. > >Jason > > >Rick Camp wrote: >> >> Bill, >> >> I ran into this problem about a year ago with an NT 4.0 firewall. I >am not >> sure as to the cause, but I did find a work around. >> >> We were using a Cisco 2524 router and by clearing the arp tables, it >would >> then pick up the new information from the local.arp file. I believe >the >> commands are show arp to look at the table and clear arp to clear it >out and >> you must be in enable mode on a Cisco router to clear the arp table. >Maybe >> someone with more router experience can confirm if I am remembering >the >> correct commands. >> >> If you can't telnet into your router you could try powering it off and >back >> on, but I don't know if that will solve the problem, and I don't know >if you >> are in a situation where you can down your router. >> >> I hope this helps. >> >> Rick >> >> _______________________________________ >> Rick Camp >> Welsh Consulting >> 31 Milk Street, Suite 805 >> Boston, MA 02109 >>Tel >>Fax >> [email protected] >> www.welsh.com >> >> -----Original Message----- >> From: Bill McCabe [mailto:[email protected]] >> Sent: Wednesday, September 06, 2000 10:54 PM >> To: [email protected] >> Subject: [FW1] local.arp changes still not picked up >> >> Sadly, the new proxy ARP entries still didn't take after a >fwstop/start, >> and even a reboot. The old one still works fine. The network objects >and >> rules are patterned identically to the working one, which was set up >> according to the instructions in the Phoneboy FAQ. I clearly must be >> missing something, unless it has to do with the limitations of Windows >NT >> 4.0 Workstation, or the fact that the internal NIC is Token Ring. Any >> suggestions or leads would be greatly appreciated. >> >> Bill >> >> At 1:16 PM -0400 9/6/00, Bill McCabe wrote: >> >Thanks for all the replies. I will bounce the firewall when I get the >green >> >light from above. I couldn't remember whether I had restarted the FW >> >service last June when I added the prior static mapping. Since the >Phoneboy >> >FAQ says: >> > >> > >> >>In Windows NT, the 'arp' command will not function in this manner. >Version >> >>2.1c and later of FireWall-1 will do the proxy arps for you. You >must >> >>create a file called %SystemRoot%\fw\state\local.arp (case >matters!), >> >>which is formated as follows: >> >> >> >>translated_ip_address mac_address >> >> >> >>In the example above, this file would contain: >> >> >> >>206.99.98.50 08-00-20-76-ea-77 >> >> >> >>Once you've set this file up, you will need to re-install the >current >> >>rulebase. >> > >> > >> >I was hesitant to restart it for no reason. I naturally assumed I had >made >> >an error somewhere. >> > >> > >> >Bill >> > >> > >> > >> > >> >>======================================================================= >==== >> ==== >> >= >> > To unsubscribe from this mailing list, please see the >instructions at >> > http://www.checkpoint.com/services/mailing.html >> >>======================================================================= >==== >> ==== >> >= >> >> >======================================================================== >==== >> ==== >> To unsubscribe from this mailing list, please see the >instructions at >> http://www.checkpoint.com/services/mailing.html >> >======================================================================== >==== >> ==== >> >> >======================================================================== >======== >> To unsubscribe from this mailing list, please see the >instructions at >> http://www.checkpoint.com/services/mailing.html >> >======================================================================== >======== > > >======================================================================== >======== > To unsubscribe from this mailing list, please see the instructions >at > http://www.checkpoint.com/services/mailing.html >======================================================================== >======== > > >=============================================================================== >= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=============================================================================== >= ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
