RE: [FW1] I hate local.arp



(Thank you)^9999 to the many responders on this issue.  The winning response
is included below (thanks to others who corroborated this).  I had initially
configured anti-spoofing with "log" as the spoof tracking option.  However,
when I added another interface to the firewall via "get", I failed to
re-enable the logging, although I did set up the anti-spoofing.  Since I
didn't see spoof alerts in the log, I assumed that was not the issue.
Stupid me.

Thanks again so much to all of you.  You all rock big time, and I hope I can
continue to be a "good list member" as many of you out there are.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders


-----Original Message-----
From: eric [mailto:[email protected]]
Sent: Friday, September 08, 2000 1:44 PM
To: 'Dan Hitchcock'; 'FW-1 Mailing List (E-mail)'
Subject: RE: [FW1] I hate local.arp


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I never had that much problem with it.  Did you make sure your
antispoofing settings are correct?  That tripped me up once or twice.

eric.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOblPhBcEgL9uyUb5EQLVAQCg/pfmrRBRwwhmwvemYHEumm2Jf/8AoPY5
yLAzYQ6s418u7G4wVV+Hc4Fg
=jyoS
-----END PGP SIGNATURE-----

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Dan
Hitchcock
Sent: Friday, September 08, 2000 4:14 PM
To: FW-1 Mailing List (E-mail)
Subject: [FW1] I hate local.arp



Okay, so I see now why local.arp is such a bummer.

#1 - It does not work correctly.
#2 - see #1.

Per postings over the last couple weeks (I've saved them all) and Checkpoint
docs, I have tried to create the local.arp using nearly all permutations of
space vs. tab between IP and MAC, dashes or colons in MAC, WordPad, Notepad,
or DOS EDIT as editor, etc., all with no luck.  My static route in NT is
there.  I've created a workstation object with the internal IP address, and
(per Checkpoint documentation), added an automatic static translation rule
to the object using the NAT tab (I also tried creating the NAT rule
manually).  I have stopped and started the firewall numerous times during
these, both from the command line and the Services control panel.  I've
rebooted ad nauseam.

The symptom is always the same - when trying to connect to the internal Web
server via the NAT, the browser IMMEDIATELY returns a "page cannot be
displayed" error.  This happens from various locations with different
browsers.  I see the packet accepted in the log, along with the correct
translation information.  If I PING the ARPed address from another machine
on the same segment as the outside of the firewall, a correct IP/MAC pair
appears in the ARP table on the machine, but the PING times out.  I can PING
the "real" address of the outside of the firewall without issues.

Why is this so hard?  Someone please point out my stupidity and improve my
quality of life by providing the magic answer.  "Obvious" suggestions are
more than welcome.

Thank you very very very very much.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





 