
FW: [FW1] Nated machines can't access Internet



It's me again. Forgot something: you have to look for static IP Addresses on
the router, not the firewall. That will help :)

Regards,
Christian

> -----Original Message-----
> From: Christian Betz 
> Sent: Monday, 19 February 2001 22:32
> To: 'Robert MacDonald'; [email protected]; [email protected]
> Cc: [email protected]
> Subject: AW: [FW1] Nated machines can't access Internet
> 
> 
> Hi,
> 
> look for static ARP entries. You have to change them 
> eventually to a new MAC address of the new firewall machine...
> 
> Christian
> _________
> Christian Betz
> System Engineer
> eSecurity Solutions
> 
> Prodacta Systemhaus GmbH 
> Pforzheimer Str. 132    Fon: +49 (0) 7243 382 308
> D-76275 Ettlingen       Fax: +49 (0) 7243 382 107
> Germany                 Mob: +49 (0)
> http://www.prodacta.de
> 
> 
> > -----Original Message-----
> > From: Robert MacDonald [mailto:[email protected]]
> > Sent: Monday, 19 February 2001 21:50
> > To: [email protected]; [email protected]
> > Cc: [email protected]
> > Subject: RE: [FW1] Nated machines can't access Internet
> > 
> > 
> > 
> > Steven,
> > 
> > Wouldn't running 'clear arp-cache' on the router be much
> > faster?
> > 
> > Robert
> > 
> > - -
> > Robert P. MacDonald
> > Global Infrastructure Group, Haworth, Inc.
> > Voice:
> > email: [email protected]
> > 
> > >>> Steven Zimmerman <[email protected]> 02/19/01 10:09AM >>>
> > >
> > >First thing I would do is reboot your ISP router after putting the new
> > >firewall in place.  The ISP router will have the MAC address of your old
> > >server cached (default is 3 hours on Cisco) and it will try to send all
> > >packets to that old MAC.
> > >
> > > -----Original Message-----
> > >From: 	CryptoTech [mailto:[email protected]] 
> > >
> > >Annette,
> > >Since this is an upgrade on a separate server, a few questions come to mind.
> > >Have you removed the old config so that the new setup will be the proper
> > >default route for internal hosts?
> > >Validation of proper published MAC addresses is a plus.
> > >Check the network properties TCP/IP -> routing table to enable IP
> > >forwarding/routing.
> > >
> > >HTH,
> > >CryptoTech
> > >
> > >Annette Tenney wrote:
> > >
> > >> Am running FW-1 ver. 4.0. Upgrade planned on different server. Have
> > >> installed NT on new machine and imported the rulebase and configuration
> > >> files from the old machine which is currently in use. Have modified the
> > >> route table on the new machine to match the old machine. Have created the
> > >> local.arp file. Checked in the configuration GUI that the external interface
> > >> was pointing to the correct card. On the firewall network object did a get
> > >> for the interfaces which succeeded. Installed the policies.
> > >>
> > >> Have new machine on test network with DNS. Have not tried the upgrade yet.
> > >> Firewall can get name resolution, can ping machines on internal network and
> > >> DMZ by both true IP address and nated address. Internal machines with nated
> > >> address can not get name resolution (DNS acting as machine outside
> > >> firewall), machines internal with hidden address can get resolution. Machine
> > >> on DMZ, with nated address can not get resolution. External machine can not
> > >> get to web server on DMZ. Have disabled all rules in rule base and added
> > >> rule any any any allow. Pseudo rules set to allow anything. Turned off IP
> > >> address spoofing.
> > >>
> > >> What have I missed?
> > >>
> > >> Thanks for your help.
> > 
> > 
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> > 
> 
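
Added example, not part of the thread: a Python sketch of the check the replies describe, comparing the upstream router's ARP table against the new firewall's MAC for each NATed address and separating cached entries from static ones. The `show ip arp` text, addresses and MACs are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of Cisco IOS "show ip arp" output (documentation addresses).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0010.7b3a.1c01  ARPA   Ethernet0
Internet  192.0.2.2              12   00a0.c911.2233  ARPA   Ethernet0
Internet  192.0.2.10             95   0090.27aa.bb01  ARPA   Ethernet0
Internet  192.0.2.11              -   0090.27aa.bb01  ARPA   Ethernet0
Internet  192.0.2.12              3   00a0.c911.2233  ARPA   Ethernet0
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {ip: (mac, is_static)}; age '-' marks an entry that never ages."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        # Header and "Incomplete" rows are skipped.
        if len(f) >= 6 and f[0] == "Internet" and f[3] != "Incomplete":
            table[f[1]] = (norm_mac(f[3]), f[2] == "-")
    return table

def audit(text, nat_ips, new_fw_mac):
    """Classify each NATed address by the MAC the router holds for it."""
    want, table, result = norm_mac(new_fw_mac), parse_arp(text), {}
    for ip in nat_ips:
        if ip not in table:
            result[ip] = "no-entry"        # router will ARP; firewall must answer
        elif table[ip][0] == want:
            result[ip] = "ok"
        elif table[ip][1]:
            result[ip] = "stale-static"    # has to be changed in the router config
        else:
            result[ip] = "stale-dynamic"   # ages out, or clear the ARP cache
    return result

if __name__ == "__main__":
    nat = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    for ip, state in audit(SAMPLE_ARP, nat, "00-A0-C9-11-22-33").items():
        print(f"{ip:15} {state}")
```
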

