
[FW1] Strange Anti-Spoofing problem on NT



Hi list

I have a strange problem on an NT4-system, running FW 4.1 without patches:

The machine has 2 interfaces, one going to the Internet, the other going
to -uh- I guess you could call it a pseudo-DMZ (p-DMZ), because this site
only has 2 interfaces, so there's no real internal net...anyway it uses a
private address space (10.40.0.0).

A webserver was placed in the pseudo-DMZ and should be reachable from the
Internet. I added the NAT-Rules accordingly and created the local.arp file,
voila, it worked. But then I tried to set up Anti-Spoofing in the security
tab of the firewall's interfaces: Valid addresses "Others" on the external
IF, and "This net" on the p-DMZ interface. After that connections got
dropped because of rule 0!

The log shows that incoming requests are correctly translated to the
webserver's private IP, but the p-DMZ interface doesn't like the source IP
of the packet (or its destination??, there should be a way to tell this more
clearly implemented in future versions of logviewer) and drops it. I created
a group containing both the net on the Internet-side of the firewall and the
net of the p-DMZ and added it to "Specific" in the security tab, but to no
avail...

Any ideas? Sorry for being so wordy, but this one really has me puzzled,
since I thought I had understood all about Anti-Spoofing...

Cheers
Ralf G.








 
   All contents © 2004 Network Presence, LLC. All rights reserved.