RE: [FW1] DHCP problem with FW-1
David,

You may want to confirm that the DHCPDISCOVER or DHCPREQUEST packets aren't being denied or dropped because they are contacting the FW host. As CryptoTech pointed out, the finddhcp.exe program is a good suggestion. It is a simple executable created to find any host listening on the same network for DHCPDISCOVER or DHCPREQUEST packets. You can run it from any host. If you run it and find that it can't see your server then you have a starting point. If you find a server and need to know more, a sniff on your network for any DHCPOFFER or DHCPACK and the IP address that sends it will tell you if there is any communication at all.

Let me know if you're using the Check Point Meta IP as your server. There is a monitor process you can run to watch the activity easily.

Good Luck!

Charlie

-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Tuesday, November 21, 2000 8:14 AM
To: Luong, David
Cc: 'Firewall Mailing List'
Subject: Re: [FW1] DHCP problem with FW-1

David,

<Soapbox>
As much as I disagree with sharing services on the firewall....
</Soapbox>

If you look on the 4.1 cd, you will find in the windows\add-ons\finddhcp\ a program called finddhcp.exe. You should use this in conjunction with long logging to find the reason. I would suspect that you are getting drops to the firewall on ip net 255.255.255.255. You will need to create a host -- DHCP-server with ip address of 255.255.255.255. and then create a rule

any > dhcp-server > bootp > accept >long log

This way you will get log hits when it works.

HTH,
CryptoTech

"Luong, David" wrote:

> Hi Folks:
>
> I have FW-1 installed on a NT 4.0 box with 2 NIC's; the internal interface
> is connected to my 10.1.29.x/24 network while the external goes directly to
> my ADSL ISP on a 216.232.x.x. I have NAT enabled and all other internal PC's
> are able to connect to the Internet simultaneously. However, when I have a
> DHCP server running and a domain set up, my clients cannot contact the
> domain server and get an IP lease. The domain controller is basically on the
> same box with FW-1 module and management console installed so are there any
> issues to be wary of? I have set up a rule on top of the rule base for
> LOCALHOST + LOCALHOST = ACCEPT and orig,orig,orig on NAT. Therefore, I don't
> think FW-1 is blocking the client's DHCP request...any help will be
> appreciated!
>
> TIA
> __________________________________________________
> David Q.P Luong
> CCNP,CCNA,A+,N+,i-Net+
> Telecom Systems Management Analyst III
> Aprisma Spectrum Support
> Insurance Corporation of B.C <<http://www.icbc.com>>
> Vancouver, B.C | CANADA

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
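
Added example, not part of the original messages or of any Check Point tool: a small Python parser for the sniffing step suggested in the thread, which reads DHCP UDP payloads and reports which server identifiers answered with a DHCPOFFER or DHCPACK. The payloads and the 10.1.29.1 / 10.1.29.50 addresses are constructed samples, and the server address is taken from DHCP option 54 rather than from the IP header.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload: message type (53) and server identifier (54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"xid": struct.unpack("!I", payload[4:8])[0],
            "yiaddr": socket.inet_ntoa(payload[16:20]),   # address offered to the client
            "type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            info["type"] = MSG_TYPES.get(value[0], "type-%d" % value[0])
        elif code == 54 and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def servers_seen(payloads):
    """Server identifiers that answered with a DHCPOFFER or DHCPACK."""
    replies = (parse_dhcp(p) for p in payloads)
    return {m["server_id"] for m in replies
            if m["type"] in ("DHCPOFFER", "DHCPACK") and m["server_id"]}

def build(op, xid, yiaddr, options):
    """Build a constructed sample payload (not a real capture)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)    # op..flags, 12 bytes
    fixed += bytes(4) + socket.inet_aton(yiaddr) + bytes(8 + 208)   # addresses, chaddr, sname, file
    return fixed + MAGIC_COOKIE + options + b"\xff"

# Constructed samples on the 10.1.29.x network from the thread; addresses are made up.
DISCOVER = build(1, 0x1234, "0.0.0.0", b"\x35\x01\x01")
OFFER = build(2, 0x1234, "10.1.29.50", b"\x35\x01\x02\x36\x04" + socket.inet_aton("10.1.29.1"))

if __name__ == "__main__":
    print("clients only:", servers_seen([DISCOVER]))
    print("with a reply:", servers_seen([DISCOVER, OFFER]))
```

An empty result while DHCPDISCOVER messages are present matches the case in the thread where client requests never reach, or are never answered by, the server.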