
RE: [FW1] Firewall-1 Setup And Install



Well, I have tried what you said, and I have even tried address translation,
but still no go.

This is the setup:

           --------
           - ADSL - 212.17.226.145
           --------
            |
            |
       -------  iprb0 212.17.226.146
       - FW  -
       -------  iprb1 192.168.1.147
         |
         |
      ______
      |HUB  |
      |_____|
         |
         ------------------________
                           |WIN98  | 192.168.1.148
                           |       |
                           ---------

Now I have given the Windows 98 machine the valid address that was given to
me by my provider as 212.17.116.148. The routing tables on the firewall look
like so:

212.17.226.0   212.17.226.146   
192.168.1.0    192.168.1.147
224.0.0.0      212.17.226.146
default        212.17.226.145
127.0.0.1      127.0.0.1


Now I have just one rule in the firewall at the moment,
that is

win98 , any , any , accept, short.

This is just to see if I can get out.

And I have set up two network objects, that is, win98 with address
192.168.1.148, and then one, win98-valid, with address 212.17.226.148.
Then I used address translation with hide mode,

source win98 , any , any ,  win98-valid , any , any ,

I installed the policy, and all looks well.


From the firewall I can ping the ADSL router, and the internet, and other
hosts, and I can ping the win98 internal host.

So I get onto the Windows machine, with

IP address 192.168.1.148, and default gw of 192.168.1.147,
and DNS are the ones that were given to me with the provider.

I try to ping the ADSL router 212.16.227.145. I get request timed out.
If I snoop on both interfaces of the firewall, the internal interface sees me
go out to ping the ADSL router, but the external interface that is connected
to the router says

ADSL --> (broadcast) ARP C WHO is 212.17.226.148, 212.16.226.148 ?

Now I have not had my provider register my DNS name for the ADSL router and
the firewall yet. Will that matter, or what is the problem?

Sorry about the long-winded e-mail, but I am having no luck here.

Thanks


Ben C










>===== Original Message From "Thomas Stala" <[email protected]> =====
>You have a 110 addresses to use. Are you planning on using the real IP
>addresses internally?
>You can do this many ways. Keep the 110 addresses for 110 static routes back
>to a DMZ where people access your information servers from the outside. You
>can place the whole internal network on 10.0.0.0 network and subnet it out
>with a class C mask and use hide address translation to surf the internet.
>Then as you need to put a server up on the internet for the external world
>to see you can add a static route to the server that needs to be accessed
>from the internet.
>
>212.17.227.145 DSL
>
>212.16.227.146 external interface of FW.
>212.16.227.147 external interface of FW ==> Should only have one interface
>here.
>FW.
>Internal subnet 212.17.227.0-110 if these are real Internet assigned
>registered IP addresses then you should only need to do a route add.
>
>such as
>no router on the inside of the firewall.
>route add 212.16.227.0 internal interface of the firewall.
>if there is a router on the inside
>route add 212.16.227.0 and the IP of the internal router.
>
>I hope this helps
>
>
>
>
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]]On Behalf Of
>> benjamin.c
>> Sent: Saturday, September 09, 2000 10:11 AM
>> To: Thomas Stala
>> Cc: [email protected]
>> Subject: RE: [FW1] Firewall-1 Setup And Install
>>
>>
>>
>> 1: the machines are on the same subnet
>> 2: i tried to use address translation on solaris, but i am not sure it is
>> working
>>
>>
>> Well let me make the setup a little clearer,
>>
>>
>> i have a firewall on
>> ip address 212.16.227.146
>> and second interface 212.16.227.147
>>
>> then .147 address is connected to an internal HUB, that the rest of the
>> machines are on, and then .146 is connected to the ADSL router, and then DNS
>> is provided by the provider, something like 195.82.0.0,
>>
>> Now the firewall can see the internet, and everything,
>>
>> I have installed a rule, any : any : drop : short.
>>
>> and then just to see if i could get on the firewall , i added a rule
>>
>> epppc127 on address 192.168.1.150 , to be accepted by anything on the
>> firewall.
>>
>> then i try to ping the firewall nothing,
>>
>>
>> now the internal setup of the machines, must it be
>>
>> gateway address:  the .147 address on the firewall
>> DNS :  the firewall ? or my provider ?
>>
>>
>> or I could set up the internal machines with the static IP address that my
>> provider gave me,
>>
>> so all machines have the static address of 212.17.227.0
>> and then DNS, then provider's DNS addresses
>> and gateway the internal address of the firewall.
>>
>> when I try this setup, the machines can't see the firewall as being their
>> gateway. I think this has to do with the routing on the firewall, I am
>> running solaris 2.7, dual ethernet cards.
>>
>>
>> Could someone tell me how I need to set up my whole network if I have these
>> details,
>>
>> Static Address range from provider 212.17.227.0  .110
>> DNS servers from provider  195.82.0.0
>> ADSL router address from Provider 212.17.227.145
>>
>>
>> I am sorry if this message is a little confusing.
>>
>>
>>
>> >===== Original Message From "Thomas Stala" <[email protected]> =====
>> >1. same subnet or different?
>> >2. are you using address translation.
>> >3. if the internal net is 10 addressing and the new IP addresses are
>> >something else they can not be placed on the internal subnet which is
>> >different.
>> >4. I would not allow the firewall to be pinged from anywhere. I would drop
>> >ping rule 0 except from a few select machines I always work from. But I
>> >would not let the CEO of a company ping the firewall.
>> >5. The new IP addressing I am guessing you are using them for mail web and
>> >stuff. you should setup static IP addressing. if this is NT U need to create
>> >a local.arp file for the NT box to arp out.
>> >Solaris does not use this to arp to the IP address. Do not add these IP's to
>> >the firewall interface as a second IP address.
>> >
>> >well I hope this helps some I am not awake yet.
>> >
>> >
>> >
>> >
>> >> -----Original Message-----
>> >> From: [email protected]
>> >> [mailto:[email protected]]On Behalf Of
>> >> benjamin.c
>> >> Sent: Saturday, September 09, 2000 2:25 AM
>> >> To: [email protected]
>> >> Subject: [FW1] Firewall-1 Setup And Install
>> >>
>> >>
>> >>
>> >> Hi All
>> >>
>> >> I have come into a problem,
>> >> I just got my static IP address given to me from my provider,
>> >> and now I would like to put these onto the local lan,
>> >> so that the machines can then go out to the internet,
>> >>
>> >> now I have taken 2 of them for the firewall, lets say they were 10.10.10.1
>> >> and 10.10.10.2, and then the rest I am going to distribute among the machines,
>> >> now I can get the firewall up and running, and then it can see the internet,
>> >> and then dns works great, and it can ping one of the windows machines that I
>> >> have setup on the internal lan, lets say 10.10.10.4. But the windows machine
>> >> can't seem to ping the firewall on the internal interface,
>> >> it seems strange to me, does anyone think that this might be something to do
>> >> with the firewall, or is it something with the solaris setup, ............
>> >>
>> >> so when I make the windows machines default gw, as the internal interface of
>> >> the firewall, it does not see it, and then it can't go onto the internet,
>> >>
>> >> but if you snoop the firewall using the IP address 10.10.10.4 of the windows
>> >> machine, and then get it to ping an IP address on the internet, you can see
>> >> the firewall sending an echo out, but nothing else, the windows machine times
>> >> out.
>> >>
>> >> sorry about this being so long,
>> >>
>> >> Ben C
>> >>
>> >> System Administrator
>> >> http://www.Apocolips.org.uk
>> >>
>> >> ( ) ( ) ( ) ( ) ( )
>> >>
>> >>
>> >>
>> >> ================================================================================
>> >>      To unsubscribe from this mailing list, please see the instructions at
>> >>                http://www.checkpoint.com/services/mailing.html
>> >> ================================================================================
>> >
>> >
>> >
>>
>> System Administrator
>> http://www.Apocolips.org.uk
>>
>> ( ) ( ) ( ) ( ) ( )
>>
>>
>>

System Administrator 
http://www.Apocolips.org.uk

( ) ( ) ( ) ( ) ( )



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
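
The snoop line in the message shows the ADSL router sending an ARP request for the translated address 212.17.226.148. The following is an added example, not part of the original thread: it checks whether a translated address sits inside the subnet of a firewall interface without being configured on it, in which case neighbours on that segment only reach it if the firewall answers ARP for it. The interface names and addresses are taken from the message; the /24 masks and all function names are assumptions.

```python
import ipaddress
import re

# Addresses copied from the message; the /24 masks are an assumption (none is given).
INTERFACES = {
    "iprb0": ipaddress.ip_interface("212.17.226.146/24"),  # external
    "iprb1": ipaddress.ip_interface("192.168.1.147/24"),   # internal
}
NAT_ADDRESS = ipaddress.ip_address("212.17.226.148")       # win98-valid

# The snoop line quoted in the message, as seen on the external interface.
SNOOP = ["ADSL --> (broadcast) ARP C WHO is 212.17.226.148, 212.16.226.148 ?"]

ARP_WHO_IS = re.compile(r"ARP C Who is (\d{1,3}(?:\.\d{1,3}){3})", re.IGNORECASE)


def arp_targets(snoop_lines):
    """IP addresses that ARP requests in the snoop output are asking for."""
    found = set()
    for line in snoop_lines:
        match = ARP_WHO_IS.search(line)
        if match:
            found.add(ipaddress.ip_address(match.group(1)))
    return found


def on_link_interface(address, interfaces):
    """Name of the interface whose subnet contains `address` without owning it.

    Neighbours on that segment ARP for such an address instead of routing to
    the firewall, so the firewall must publish an ARP entry for it.
    """
    for name, iface in interfaces.items():
        if address in iface.network and address != iface.ip:
            return name
    return None


def diagnose(nat_address, interfaces, snoop_lines):
    """Summarise whether a translated address depends on a published ARP entry."""
    segment = on_link_interface(nat_address, interfaces)
    return {
        "nat_address": str(nat_address),
        "on_link_segment": segment,
        "needs_published_arp": segment is not None,
        "arp_request_seen": nat_address in arp_targets(snoop_lines),
    }


if __name__ == "__main__":
    print(diagnose(NAT_ADDRESS, INTERFACES, SNOOP))
```

When `needs_published_arp` is true, the usual remedy on Solaris is a published ARP entry on the firewall (`arp -s <address> <external interface MAC> pub`), or a host route for the address on the upstream router.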



 
All contents © 2003 Network Presence, LLC. All rights reserved.