[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Remote Subnet access through FW-1 4.0
Hi Ken, I was thinking more of a route for the external address. The server you are trying to access from the outside world presumably has an address outside (the one you are arping). As the packets arrives at the firewall, the first thing that happens is routing. So you need a route to tell the firewall where the packet should go after it has done all its natting etc. route add -p [server-valid-address] mask 255.255.255.255 [frame-relay-router] You need to do this whereever the server resides. Paul. -----Original Message----- From: Claussen, Ken [mailto:[email protected]] Sent: 24 October 2000 16:58 To: 'Murphy, Paul'; Claussen, Ken; Fw-1-Mailinglist (E-mail) Subject: RE: [FW1] Remote Subnet access through FW-1 4.0 Yes we added a route to the remote subnet through the NT command line route -p add 192.168.x.x mask 255.255.255.0 and it shows up in if you do a Route print. This machine is the default gateway for internal employees and it is able to respond to them with the correct routing information, according to tracert all traffic for this subnet first receives information from the firewall corresponding to the routers interface through which it needs to pass. This all works internally. My thought was that when Microsoft created RRAS they did a thing where it would add routes for you to the routing table and had its own internal routing table seperate from the one NT uses. My question is does Firewall-1 use the default routing table for NT or does it have its own internal table to provide routing lookups? Ken Claussen MCSE CCNA CCA IT Coordinator Retail Planning Associates-----Original Message----- From: Murphy, Paul [mailto:[email protected]] Sent: Tuesday, October 24, 2000 11:15 AM To: 'Claussen, Ken'; Fw-1-Mailinglist (E-mail) Subject: RE: [FW1] Remote Subnet access through FW-1 4.0 Have you put in a route to tell the firewall to route packets destined for the external address of the server to the frame relay router? Paul. -----Original Message----- From: Claussen, Ken [mailto:[email protected]] Sent: 24 October 2000 16:09 To: Fw-1-Mailinglist (E-mail) Subject: [FW1] Remote Subnet access through FW-1 4.0 I am having trouble exposing a host on a remote subnet to the outside world. We have recently added a second subnet needing to be accessed by our Checkpoint 4.0 firewall. So far we have not been able to make the objects exportable successfully. The subnet (192.168.13.x) is across a frame relay (12 channels) connection and an intermediate private (192.168.14.x) network. Network traffic behind the firewall works correctly, however the objects we have defined in the firewall cannot be reached from the outside using there NATed address. We have a rule in the firewall that prohibits all traffic destined for the firewall itself. We have added the arp entries, and the log shows traffic being accepted for the connection, however the remot connection never receives a response. My thought was since it is a remot subnet we will have to insert the rule before the rule which drops all traffic destined for the firewall itself. I have tried Checkpoint's site, but we could not find our username and password and the "Public" info did not contain this level of info. Has anyone else tried to make objects on remote subnets exportable? We want to route mail and web traffic over there, but so far it has not worked. All suggestions would be appreciated. Ken Claussen MCSE CCNA CCA ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ---------------------------------------------------------------------------- ----- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. evolvebank.com is a division of Lloyds TSB Bank plc. Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in England, number 2065. Telephone No: 020 7626 1500 Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the Personal Investment Authority and represent only the Scottish Widows and Lloyds TSB Marketing Group for life assurance, pensions and investment business. Members of the UK Banking Ombudsman Scheme and signatories to the UK Banking Code. ---------------------------------------------------------------------------- ------ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== --------------------------------------------------------------------------------- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. evolvebank.com is a division of Lloyds TSB Bank plc. Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in England, number 2065. Telephone No: 020 7626 1500 Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the Personal Investment Authority and represent only the Scottish Widows and Lloyds TSB Marketing Group for life assurance, pensions and investment business. Members of the UK Banking Ombudsman Scheme and signatories to the UK Banking Code. ---------------------------------------------------------------------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|