[FW1] Re:
Hi, someone can verify this but for Solaris 2.5.1, I don't think it can route any class A's or B's; meaning you have to add specific routes on the firewall to get to a specific host on your network.

-Hungdan Ly

"Ing. Eduardo Frias T." <[email protected]> on 09/11/2000 10:42:51 AM
To: [email protected]
cc: (bcc: Hungdan Ly/New York/ACMC)
Subject:

Hi everybody.

Hope you can help me with this. First I will "draw my topology":

    internal net ------> Firewall ------------> Router ----->IS
    172.16.0.0           172.16.1.10   148.243.163.130

Here, everything works fine. The problem arises when I want to add a third interface to the firewall in order to establish communication with another router:

    internal net ------> Firewall ------------> Router ----->IS
    172.16.0.0       172.16.1.10 | 148.243.163.130
                                 |
                                 | 157.150.144.65
                                 |
                                 |
                           Router (Extranet)

At this point I have already connected the third NIC into the firewall (Solaris 2.5.1) and the NIC is up. I added a rule to my security policy saying:

    any 157.150.144.0 any accept

The problem is that when I want to connect from any machine in my internal network to any machine in the extranet (157.150....) I can not make the connection. If I look at the logs I see the firewall accepting the connection but I can not get any answer (e.g. if I do a ping from my machine (172.18.5.42) to a machine in the extranet (157.150.144.39) I do not get an answer). Something curious is that if I do the ping from the firewall to the extranet I do get an answer.

My routing table is:

    Routing Table:
      Destination           Gateway               Flags  Ref    Use     Interface
      --------------------  --------------------  -----  -----  ------  ---------
      127.0.0.1             127.0.0.1             UH     0      1788    lo0
      172.18.0.0            172.16.1.11           UG     0      44339
      172.16.0.0            172.16.1.10           U      2      7108    elx0
      157.150.144.0         157.150.144.65        UG     1      300     elx1
      148.243.0.0           148.243.163.130       U      3      1303    pcn0
      224.0.0.0             148.243.163.130       U      3      0       pcn0
      default               148.243.163.129       UG     0      196550

I am using a single gateway product with licenses for 256 machines.
I have been reading and I read that with this product you can only have one external interface, does that have to do with the problem???

I have also thought that this is a NAT problem since I think I have to NAT with the 148.243.163.130 address when I am going to the internet and I have to NAT with the 157.150.144.65 address when I am going to the extranet. If this is the case, how do I do that (I know I can do it with the GUI but I can not use it!!! to create NAT rules).

I will really appreciate any comments, suggestions or documentation to solve this. It is kind of urgent.

Thanks a lot again.

--
Eduardo Frias
[email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================