[FW1] Rule 0 problem when trying to use new subnet
Hi all,

I've been working with FW-1 for about 6 months now and have just come up against a problem I can't find a solution for.

I have FW-1 installed on an NT box with an external IF, a DMZ and an Internal IF. Pretty standard stuff.

    Internet -----Router---------FW-1---------DMZ
                                  |
                                  |
                               Internal

The router belongs to our ISP and is on their site.

My company requires more IP addresses; however, our ISP cannot supply another block of 32 addresses that are contiguous with what we currently have. They can, however, supply the connectivity via ILS on the same wire (i.e. to my external IF).

When I configure a machine on my DMZ to use one of the new addresses it gets REJECTED by rule 0 (rather than dropped), which according to the phoneboy site means that the outgoing packet has violated the antispoof rules as it is being routed out the wrong interface. That sounds like the incoming packets are routed to the correct machine but the reply is being REJECTED by rule 0.

I have tried to allow all IPs from the new subnet in and out of the external IF on the firewall object as well as Other, but still rejected by rule 0.

Am I trying to do something that can't be done or is there a better way?

Any suggestions would be appreciated.

Thanks

____________________________________________
Graeme Patterson
Systems Administrator
Elcom Technology Pty Ltd
Email [email protected]
Web www.elcom.com.au

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================