[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Too many host detected
We also have this problem on a machine wiht FW-1 4.0. The license we have is suppose to be unlimited (it has worked OK for more thna 18 months), but the last three weeks we have seen several error-messages about too many internal hosts and then a list of hosts. A `cd /; find . -name fwd\.ho* -print` find no file to delete. But somewhere table must be stored. I suspect the kernal itself. The only soulution is to reinstall HP-UX and then FW-1 to solv this problme... for some days... --- Jørn Yngve Dahl-Stamnes EDB Teamco, Trondheim [email protected] > -----Original Message----- > From: Zelck, Guy [mailto:[email protected]] > Sent: 24. november 2000 18:12 > To: [email protected] > Subject: RE: [FW1] Too many host detected > > > > Hi, > > > > > Have anybody out there encountered this prolem ? I have a > > FW 4.1 (running > > on Solaris 2.6 ) and I have 50 licences. I have 30 PC with 1 > > NIC card each. > > > > Recently I can't login to FW via console. The following > > error apperas : > You mean login remotely, if you can't login from the console > attached to the > server that's severe. > > > > > Nov 7 10:21:59 wt-iadvantagefw unix: FW-1: too many internal > > hosts (103) > > detected > > Nov 7 10:21:59 wt-iadvantagefw unix: (202.85.99.140 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.128 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.234.4 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.126.45 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.25 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.9 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.163.5 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.3 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.2 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.1 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.34.241 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.248.249 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.36 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.189.101.160 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.81 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 209.178.166.180 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.70 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.163.139.149 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.104 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.105 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.106 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.107 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.109 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.110 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.111 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.168.98 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.101 > > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.102 > > > > Please help. I am not sure why some external IP appears . > > The firewall sees all these hosts as being internal. If you see some > external hosts among the addresses it could be something that > I once had. > Check to see if none of your PCs has several interfaces or > has different > addresses defined on the same interface and has IP forwarding on. > Then, when a packet reaches your PC's interface with an > destination address > different from the default one, the packet will be sent back on to the > network where it is spotted by fw1 and since the packet's > source address is > the address of the real external client, the fw thinks > there's a new host on > the internal network and increments its hostcount. > Disable ip-forwarding for one on the destination pcs. > Then clean the hosts tables by stopping the fw (fwstop), deleting > database/fwd.h & database/fwd.hosts and restart the fw (fwstart). > Now check with 'fw lichosts' to see if any new hosts are > added after you > hopefully solved the problem on your destination pcs. > > Hope this helps, > > Guy Zelck > EDS, E.Solutions Benelux > Database- & Unix System Administrator > > Tel: +32 (0)2 - 711.39.43 > Fax : +32 (0)2 - 711.39.47 > Email: [email protected] > > > > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|