[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Too many host detected
Hi, > > Have anybody out there encountered this prolem ? I have a > FW 4.1 (running > on Solaris 2.6 ) and I have 50 licences. I have 30 PC with 1 > NIC card each. > > Recently I can't login to FW via console. The following > error apperas : You mean login remotely, if you can't login from the console attached to the server that's severe. > > Nov 7 10:21:59 wt-iadvantagefw unix: FW-1: too many internal > hosts (103) > detected > Nov 7 10:21:59 wt-iadvantagefw unix: (202.85.99.140 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.128 > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.234.4 > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.126.45 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.25 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.9 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.163.5 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.3 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.2 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.1 > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.34.241 > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.248.249 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.36 > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.189.101.160 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.81 > Nov 7 10:21:59 wt-iadvantagefw unix: , 209.178.166.180 > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.70 > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.163.139.149 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.104 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.105 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.106 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.107 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.109 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.110 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.111 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.168.98 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.101 > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.102 > > Please help. I am not sure why some external IP appears . The firewall sees all these hosts as being internal. If you see some external hosts among the addresses it could be something that I once had. Check to see if none of your PCs has several interfaces or has different addresses defined on the same interface and has IP forwarding on. Then, when a packet reaches your PC's interface with an destination address different from the default one, the packet will be sent back on to the network where it is spotted by fw1 and since the packet's source address is the address of the real external client, the fw thinks there's a new host on the internal network and increments its hostcount. Disable ip-forwarding for one on the destination pcs. Then clean the hosts tables by stopping the fw (fwstop), deleting database/fwd.h & database/fwd.hosts and restart the fw (fwstart). Now check with 'fw lichosts' to see if any new hosts are added after you hopefully solved the problem on your destination pcs. Hope this helps, Guy Zelck EDS, E.Solutions Benelux Database- & Unix System Administrator Tel: +32 (0)2 - 711.39.43 Fax : +32 (0)2 - 711.39.47 Email: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|