FW: [FW1] Nated machines can't access Internet
It's me again. Forgot something: you have to look for static IP Addresses on the router, not the firewall. That will help :)

Regards,
Christian

> -----Original Message-----
> From: Christian Betz
> Sent: Monday, 19 February 2001 22:32
> To: 'Robert MacDonald'; [email protected]; [email protected]
> Cc: [email protected]
> Subject: AW: [FW1] Nated machines can't access Internet
>
> Hi,
>
> look for static ARP entries. You have to change them
> eventually to a new MAC address of the new firewall machine...
>
> Christian
> _________
> Christian Betz
> System Engineer
> eSecurity Solutions
>
> Prodacta Systemhaus GmbH
> Pforzheimer Str. 132 Fon: +49 (0) 7243 382 308
> D-76275 Ettlingen Fax: +49 (0) 7243 382 107
> Germany Mob: +49 (0)
> http://www.prodacta.de
>
> > -----Original Message-----
> > From: Robert MacDonald [mailto:[email protected]]
> > Sent: Monday, 19 February 2001 21:50
> > To: [email protected]; [email protected]
> > Cc: [email protected]
> > Subject: RE: [FW1] Nated machines can't access Internet
> >
> > Steven,
> >
> > Wouldn't running 'clear arp-cache' on the router be much
> > faster?
> >
> > Robert
> >
> > - -
> > Robert P. MacDonald
> > Global Infrastructure Group, Haworth, Inc.
> > Voice:
> > email: [email protected]
> >
> > >>> Steven Zimmerman <[email protected]> 02/19/01 10:09AM >>>
> >
> > >First thing I would do is reboot your ISP router after putting the new
> > >firewall in place. The ISP router will have the MAC address of your old
> > >server cached (default is 3 hours on Cisco) and it will try to send all
> > >packets to that old MAC.
> > >
> > > -----Original Message-----
> > >From: CryptoTech [mailto:[email protected]]
> > >
> > >Annette,
> > >Since this is an upgrade on a separate server, a few questions come to mind.
> > >Have you removed the old config so that the new setup will be the proper
> > >default route for internal hosts?
> > >Validation of proper published mac addresses is a plus
> > >Check the network properties TCPIP ->routing table to enable ip
> > >forwarding/routing.
> > >
> > >HTH,
> > >CryptoTech
> > >
> > >Annette Tenney wrote:
> > >
> > >> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
> > >> installed NT on new machine and imported the rulebase and configuration
> > >> files from the old machine which is currently in use. Have modified the
> > >> route table on the new machine to match the old machine. Have created the
> > >> local.arp file. Checked in the configuration GUI that the external interface
> > >> was pointing to the correct card. On the firewall network object did a get
> > >> for the interfaces which succeeded. Installed the policies.
> > >>
> > >> Have new machine on test network with DNS. Have not tried the upgrade yet.
> > >> Firewall can get name resolution, can ping machines on internal network and
> > >> DMZ by both true IP address and nated address. Internal machines with nated
> > >> address can not get name resolution (DNS acting as machine outside
> > >> firewall), machines internal with hidden address can get resolution. Machine
> > >> on DMZ, with nated address can not get resolution. External machine can not
> > >> get to web server on DMZ. Have disabled all rules in rule base and added
> > >> rule any any any allow. Pseudo rules set to allow anything. Turned off IP
> > >> address spoofing.
> > >>
> > >> What have I missed?
> > >>
> > >> Thanks for your help.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
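
The stale-ARP check discussed in this thread, as an added example that is not part of the original messages: it reads the upstream router's ARP table and reports which translated addresses still point at the old firewall's MAC. It assumes the Cisco IOS `show ip arp` column layout; the addresses, MACs and function names are constructed for illustration.

```python
import re

# Constructed sample of Cisco IOS `show ip arp` output taken on the upstream
# router after the swap. Addresses (RFC 5737) and MACs are made up.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.0c12.3456  ARPA   Ethernet0
Internet  192.0.2.2               4   0050.56aa.0002  ARPA   Ethernet0
Internet  192.0.2.10            172   0010.5a11.0001  ARPA   Ethernet0
Internet  192.0.2.11              2   0050.56aa.0002  ARPA   Ethernet0
"""

ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+|-)\s+([0-9a-fA-F.:-]+)\s+ARPA")

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: (normalized_mac, age_minutes)}; age is None when shown as '-'."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac = m.groups()
            table[ip] = (norm_mac(mac), None if age == "-" else int(age))
    return table

def check_nat_arp(arp_text, nat_ips, new_fw_mac, old_fw_mac):
    """Classify each translated address by what the router has cached."""
    table, new, old = parse_arp(arp_text), norm_mac(new_fw_mac), norm_mac(old_fw_mac)
    report = {}
    for ip in nat_ips:
        if ip not in table:
            report[ip] = "missing"      # no ARP answer seen: check local.arp / proxy ARP
        elif table[ip][0] == new:
            report[ip] = "ok"
        elif table[ip][0] == old:
            # age '-' on a non-router address is a static entry; it never times out
            report[ip] = "stale-static" if table[ip][1] is None else "stale"
        else:
            report[ip] = "unexpected"
    return report

if __name__ == "__main__":
    nat = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for ip, state in check_nat_arp(SAMPLE_ARP, nat, "00-50-56-AA-00-02", "00:10:5a:11:00:01").items():
        print(ip, state)
```

A "stale" entry clears with a cache flush or timeout; a "stale-static" one has to be changed by hand on the router.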