[no subject]
Hi everybody. Hope you can help me with this. First I will "draw my topology":

    internal net ------> Firewall ------------> Router ----->IS
    172.16.0.0           172.16.1.10  148.243.163.130

Here, everything works fine. The problem arises when I want to add a third interface to the firewall in order to establish communication with another router:

    internal net ------> Firewall ------------> Router ----->IS
    172.16.0.0           172.16.1.10 | 148.243.163.130
                                     |
                                     | 157.150.144.65
                                     |
                                     |
                                  Router (Extranet)

At this point I have already connected the third NIC into the firewall (Solaris 2.5.1) and the NIC is up. I added a rule to my security policy saying:

    any 157.150.144.0 any accept

The problem is that when I want to connect from any machine in my internal network to any machine in the extranet (157.150....) I can not make the connection. If I look at the logs I see the firewall accepting the connection but I can not get any answer (e.g. if I do a ping from my machine (172.18.5.42) to a machine in the extranet (157.150.144.39), I do not get an answer). Something curious is that if I do the ping from the firewall to the extranet I do get an answer. My routing table is:

    Routing Table:
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    127.0.0.1            127.0.0.1             UH       0   1788  lo0
    172.18.0.0           172.16.1.11           UG       0  44339
    172.16.0.0           172.16.1.10           U        2   7108  elx0
    157.150.144.0        157.150.144.65        UG       1    300  elx1
    148.243.0.0          148.243.163.130       U        3   1303  pcn0
    224.0.0.0            148.243.163.130       U        3      0  pcn0
    default              148.243.163.129       UG       0 196550

I am using a single gateway product with licenses for 256 machines. I have been reading and I read that with this product you can only have one external interface. Does that have to do with the problem???

I have also thought that this is a NAT problem, since I think I have to NAT with the 148.243.163.130 address when I am going to the internet and I have to NAT with the 157.150.144.65 address when I am going to the extranet. If this is the case, how do I do that? (I know I can do it with the GUI, but I can not use it!!! to create NAT rules.)

I will really appreciate any comments, suggestions or documentation to solve this. It is kind of urgent. Thanks a lot again.

--
Eduardo Frias
[email protected]