[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall-1 Setup And Install
1: the machines are on the same subnet 2: i tried to use address translation on solaris, but i am not sure it is working Well let me make the setup a little clearer, i have a firewall on ip address 212.16.227.146 and second interface 212.16.227.147 then .147 address is connected to a internal HUB, that the rest of the machines are on, and then .146 is connected to the ADSL router, and then DNS is provided by the provider, something like 195.82.0.0 , Now the firewall can see the internet, and everything, I have installed a rule, any : any : drop : short. and then just to see if i could get on the firewall , i added a rule epppc127 on address 192.168.1.150 , to be accepted by anything on the firewall. then i try to ping the firewall nothing, now the internal setup of the machines, must it be gateway address: the .147 address on the firewall DNS : the firewall ? or my provider ? or i could setup the internal machines up with the statis ip address that my provider gave me, so all machines have the static address of 212.17.227.0 and then DNS , then providers dns addresses and gateway the internal address of the firewall. when i try this setup , the machines can't see the firewall as being there gateway , i think this has to do with the routing on the firewall, i am running solaris 2.7 . dual ethernet cards . Could someone , tell me how i need to setup my whole network if i have these details, Statis Address range from provider 212.17.227.0 .110 DNS servers from provider 195.82.0.0 ADSL router address from Provider 212.17.227.145 I am sorry if this message is a little confusing. >===== Original Message From "Thomas Stala" <[email protected]> ===== >1. same subnet or different? >2. are you using address translation. >3. if the internal net is 10 addressing and the new ip address's are >something else they can not be placed on the internal subnet which is >different. >4. I would not allow the firewall to be pinged from anywhere. I would drop >ping rule 0 except from a few select machines I always work from. But I >would not let the CEO of a company ping the firewall. >5. The new IP addressing I am guessing you are using them for mail web and >stuff. you should setup static IP addressing. if this is NT U need to create >a local.arp file for the NT box to arp out. >Solaris does not use this to arp to the IP address. Do not add these IP's to >the firewall interface as a second IP address. > >well I hope this helps some I am not awake yet. > > > > >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]]On Behalf Of >> benjamin.c >> Sent: Saturday, September 09, 2000 2:25 AM >> To: [email protected] >> Subject: [FW1] Firewall-1 Setup And Install >> >> >> >> Hi All >> >> I have come into a problem, >> i just got my static ip address given to my from my provider, >> and now i would like to put these onto the local lan, >> so that the machines can then go out to the internet, >> >> now i have taken 2 of them for the firewall , lets say they were >> 10.10.10.1 >> and 10.10.10.2 , and then rest i am going to distribute among >> the machines, >> now i can get the firewall up and running, and then it cna see >> the internet, >> and then dns works great, and it can ping on of the windows >> machines that i >> have setup on the internal lan, lets say 10.10.10.4 . but the >> windows machine >> can't seem to ping the firewall on the internal interface, >> it seems strange to me, does anyone think that this might be >> something to do >> with the firewall, or is it something with the solaris setup, ............ >> >> so when i make the windows machines default gw, as the internal >> interface of >> the firewall, it does not see it, and then it can't go onto the internet, >> >> but if you snoop the firewall using the ip address 10.10.10.4 of >> the windows >> machine, and then get it to ping an ip address on the internet, >> you can see >> the firewall sending an echo out , but nothing else, the windows >> machine times >> out. >> >> sorry about this being so long, >> >> Ben C >> >> System Administrator >> http://www.Apocolips.org.uk >> >> ( ) ( ) ( ) ( ) ( ) >> >> >> >> ================================================================== >> ============== >> To unsubscribe from this mailing list, please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================================== >> ============== > > > >============================================================================= === > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >============================================================================= === System Administrator http://www.Apocolips.org.uk ( ) ( ) ( ) ( ) ( ) ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|