RE: [FW1] Nated machines can't access Internet
Only if you have access to the router. There are a lot of Internet access companies that do not allow you access to the router....

Steven Zimmerman
CIO
IR Network Solutions
fax

-----Original Message-----
From: Robert MacDonald [mailto:[email protected]]
Sent: Monday, February 19, 2001 3:50 PM
To: [email protected]; [email protected]
Cc: [email protected]
Subject: RE: [FW1] Nated machines can't access Internet

Steven,

Wouldn't running 'clear arp-cache' on the router be much faster?

Robert

- -
Robert P. MacDonald
Global Infrastructure Group, Haworth, Inc.
Voice:
email: [email protected]

>>> Steven Zimmerman <[email protected]> 02/19/01 10:09AM >>>
>
>First thing I would do is reboot your ISP router after putting the new
>firewall in place. The ISP router will have the MAC address of your old
>server cached (default is 3 hours on Cisco) and it will try to send all
>packets to that old MAC.
>
> -----Original Message-----
>From: CryptoTech [mailto:[email protected]]
>
>Annette,
>Since this is an upgrade on a separate server, a few questions come to mind.
>Have you removed the old config so that the new setup will be the proper
>default route for internal hosts?
>Validation of proper published MAC addresses is a plus.
>Check the network properties TCPIP -> routing table to enable IP
>forwarding/routing.
>
>HTH,
>CryptoTech
>
>Annette Tenney wrote:
>
>> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
>> installed NT on new machine and imported the rulebase and configuration
>> files from the old machine which is currently in use. Have modified the
>> route table on the new machine to match the old machine. Have created the
>> local.arp file. Checked in the configuration GUI that the external
>> interface was pointing to the correct card. On the firewall network object
>> did a get for the interfaces which succeeded. Installed the policies.
>>
>> Have new machine on test network with DNS. Have not tried the upgrade yet.
>> Firewall can get name resolution, can ping machines on internal network
>> and DMZ by both true IP address and nated address. Internal machines with
>> nated address can not get name resolution (DNS acting as machine outside
>> firewall), machines internal with hidden address can get resolution.
>> Machine on DMZ, with nated address can not get resolution. External
>> machine can not get to web server on DMZ. Have disabled all rules in rule
>> base and added rule any any any allow. Pseudo rules set to allow anything.
>> Turned off IP address spoofing.
>>
>> What have I missed?
>>
>> Thanks for your help.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================