Re: [FW1] NT Routing Problems
Geoff,

First off, did you verify basic network connectivity before installing FW1? This is documented in CP notes and install docs. What this means to you is you can be assured that the underlying OS is less likely to be the problem after you install the fw software.

My guess is your netmasks are incorrect on the OS (NT). Did you specify the netmasks for fw1 or did the system return these to you?

In your case, go into network properties, protocols, TCPIP, routing tab and enable the routing check box. This is what allows the underlying OS to forward packets not originating from itself. While you're there, verify that you have specified the correct netmask for these networks (my guess is, you have them on the same network, which is why the 10.x.x.x works for you). Of course, you'll need to reboot after making the chgs.

If this doesn't fix the issue, make sure you _disable_ the fw software and then proceed with correcting the OS level routing. Once fixed, enable the fw software.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice:email: [email protected]

>>> "Geoff Shatz" <[email protected]> 11/18/00 2:58:29 PM >>>
>
> Hello all. I am trying to get my first Firewall One Box up and running
> and into production and have run into some problems. Unfortunately I
> am stuck with getting this to work on NT, our budget constrained us
> from using a Nokia box which would have been my preference.
>
> What appears to be happening is that packets are not being forwarded
> between my internal and external interfaces. After fairly extensive
> troubleshooting I narrowed this down to it being an NT problem and not
> a Firewall-1 problem as I can duplicate the behaviour exactly whether
> FW-1 is installed or not. I may be missing something very basic here
> as I'm new to this arena but any help offered would be greatly
> appreciated.
>
> Here's the skinny, we initially need to get this firewall set up
> without using NAT due to some processes that need to be tested before
> it is implemented. Additionally, to avoid too many X factors I want to
> get the firewall implemented in as secure but as simple a fashion as
> possible to start.
>
> Here's an example of what my current layout is:
>
>
> Internet --- Router --- External IF --- Internal IF --- LAN
>
>
> Device        IP Address      Subnet Mask      Gateway
> Router        38.164.193.1    255.255.255.0
> External IF   38.164.193.3    255.255.255.0    38.164.193.1
> Internal IF   38.164.193.4    255.255.255.0    None
> LAN           38.164.192.0    255.255.255.0    38.164.192.4
>
> After checking and rechecking details it seems as if I did configure
> things properly but my gut tells me I'm missing something basic. I can
> ping the Internal IF from the LAN but can't pass traffic past that card.
> From the NT Box I can ping both internal cards, the Router and machines
> out on the Internet. Allow IP forwarding is checked in IP properties in
> NT.
>
> If I put the Internal IF and the Workstations on the LAN onto a
> different network, say 10.10.10.0/24 the NT box will pass the traffic,
> but I'm not at a stage where I can rework our entire Network and
> implement NAT all at the same time.
>
> Any thoughts? Am I being dumb here or am I just missing some basic
> understanding of how routing works? Any help would be greatly
> appreciated. This mailing list has certainly helped greatly in getting
> me at least to this point. Thanks again.
>
> Geoff
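An added example, not part of either poster's message: a Python check of the addressing table quoted above for the "same network" condition raised in the reply, plus gateways that no listed device holds. The function name, finding codes and the 10.10.10.1 host address in the alternate plan are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing table as posted in the thread: device, IP, mask, gateway.
POSTED = [
    ("Router",      "38.164.193.1", "255.255.255.0", None),
    ("External IF", "38.164.193.3", "255.255.255.0", "38.164.193.1"),
    ("Internal IF", "38.164.193.4", "255.255.255.0", None),
    ("LAN",         "38.164.192.0", "255.255.255.0", "38.164.192.4"),
]

# Constructed variant: the 10.10.10.0/24 layout the poster says forwards
# traffic. The .1 host address is an assumption, not from the thread.
ALTERNATE = POSTED[:2] + [
    ("Internal IF", "10.10.10.1", "255.255.255.0", None),
    ("LAN",         "10.10.10.0", "255.255.255.0", "10.10.10.1"),
]

FIREWALL_IFS = ("External IF", "Internal IF")  # the two NICs in the NT box


def check_plan(rows, fw_ifs=FIREWALL_IFS):
    """Return (code, detail) findings for a dual-homed routing host."""
    ifaces = {name: ipaddress.ip_interface(f"{ip}/{mask}")
              for name, ip, mask, _ in rows}
    owned = {str(iface.ip) for iface in ifaces.values()}
    findings = []
    # A host only routes between interfaces that sit on different subnets.
    for a, b in combinations(fw_ifs, 2):
        if ifaces[a].network.overlaps(ifaces[b].network):
            findings.append(("same-subnet",
                             f"{a} and {b} are both on {ifaces[a].network}"))
    # A gateway must be on-link and must be an address some device holds.
    for name, _, _, gw in rows:
        if gw is None:
            continue
        if ipaddress.ip_address(gw) not in ifaces[name].network:
            findings.append(("gateway-off-link",
                             f"{name}: {gw} is outside {ifaces[name].network}"))
        elif gw not in owned:
            findings.append(("gateway-unowned",
                             f"{name}: no listed device holds {gw}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_plan(POSTED):
        print(f"{code}: {detail}")
```
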