Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] routing twice

To: "'Rick Francis'" <[email protected]>
Subject: RE: [FW1] routing twice
From: "Goodwin, Russell" <[email protected]>
Date: Wed, 25 Oct 2000 04:15:26 -0400
Cc: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Sender: [email protected]

Rick,

Firstly, do you have routes coming back? Also do you have the rulebase
correct to allow ICMP, Telnet out AND ICMP back in. Why are you using the
proxy as a router? It may be better to just point the Internal router at the
Firewall and have the Proxy on the same subnet, then point the browsers at
the proxy. I don't know what proxy you use but is it effective as an IP
router?
I would say try telneting from the firewall to the external router, then
from the proxy, then the router, then a workstation. Find out where this
breaks. This should give you an idea of where the problem lies. Also if your
telnet rule is logged then check the logs to see if the request is getting
as far as the firewall. Try a traceroute from the internal network, where
does it start to time out?

More info may mean people here can help more.

Thanks

Russell Goodwin 

-----Original Message-----
From: Rick Francis [mailto:[email protected]]
Sent: 25 October 2000 04:43
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] routing twice



help!
i can't get the routing correct with this config:

Internet
|
router #2
|
bridge
|
firewall
|
proxy
|
router #1
|
Intranet

each | is a subnet
connectivity to the internet from the firewall is perfect

proxy default route is to the firewall
firewall default route is to router #2
router #1 default route is to proxy

problem is proxy cannot traceroute, ping, telnet, nothing past firewall's
interior interface.

proxy and firewall both have ip_forwarding=1 (on).

any ideas?

rf



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Secure remote WINS/DNS DHCP issue (NT4)
Next by Date: RE: [FW1] SMTP Gateway fails to return non-delivery reports
Previous by thread: RE: [FW1] Secure remote WINS/DNS DHCP issue (NT4)
Next by thread: [FW1] Gabriel's having SecuRemote problems through a Cisco PIX firewall
Index(es):
- Date
- Thread