[FW1] Strange Anti-Spoofing problem on NT

Hi list,

I have a strange problem on an NT4 system running FW 4.1 without patches:

The machine has 2 interfaces, one going to the Internet, the other going to -uh- I guess you could call it a pseudo-DMZ (p-DMZ), because this site only has 2 interfaces, so there's no real internal net... anyway, it uses a private address space (10.40.0.0). A webserver was placed in the pseudo-DMZ and should be reachable from the Internet. I added the NAT rules accordingly and created the local.arp file, voila, it worked.

But then I tried to set up Anti-Spoofing in the security tab of the firewall's interfaces: Valid addresses "Others" on the external IF, and "This net" on the p-DMZ interface. After that, connections got dropped because of rule 0! The log shows that incoming requests are correctly translated to the webserver's private IP, but the p-DMZ interface doesn't like the source IP of the packet (or its destination??, there should be a way to tell this more clearly implemented in future versions of logviewer) and drops it.

I created a group containing both the net on the Internet side of the firewall and the net of the p-DMZ and added it to "Specific" in the security tab, but to no avail...

Any ideas? Sorry for being so wordy, but this one really has me puzzled, since I thought I had understood all about Anti-Spoofing...

Cheers,
Ralf G.