Re: [FW1] How does FW-1 count internal hosts?

[Petr Mosnicka <FW1ml@FW1-NOSPAMYieldTech.cz>]

On Tue, 2 Jan 2001 liuk@publinet.it wrote:

>
> Hi,
>
> I've successfully installed FW-1 on Debian Linux 2.2, we have
> a 25 IP license and it happens a strange fact. The Linux box has
> 2 Ethernet, eth0 and eth1, and FW-1 is correctly configured to
> know that eth1 is the "external interface".
>
> After a period of activity FW-1 logs the following message to dmesg:
>
> FW-1: too many internal hosts (28) detected (... list of IP suppressed...)
>

Same here. RedHat 6.2, 2.2.17 kernel, FW1 4.1 SP2.

> The strange is that in the list of IP there are some IPs that are
> not part of the internal LAN. On the internal LAN we have only 10.x.x.x
> addresses, but in the list there are also IP that cannot be seen as
> internal because there are no PC or server which such addresses!
>
> Who knows which is the method of IP counting of FW-1?

Per IP address. Should listen only on internal interface but IMHO there is
a bug, e.g. in output of 'fw lichosts' we can see a lot of external IPs
from external iface.

> And what happens exactly when this limit is reached?

Admin gets an email:

--------<snip>-------
You can avoid those repeated messages by removing the file:
$FWDIR/database/fwd.h, then restarting VPN-1 & FireWall-1 and making
sure you do not violate the License Agreement again.
--------<snip>-------

We've done exactly that and then we got "Failed to Load Security
Policy: No Valid FM License" error.

After reboot it counts ok, but fills up its internal-hosts-database with
previously seen/logged external IP addresses and then complains about the
number of internal hosts again.

petr








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================