ex. for Cisco: ip route <virtual address> 255.255.255.255 <external ip address of firewall>
> >I'm testing FW-1 4.1 SP3 on a Win2k Advanced Server machine. Since
> >local.arp is no longer supported, we're trying to publish arp entries to use
> >NAT (since we can't change routing on the router). The command arp -s
> >doesn't work, since on W2K it doesn't support the "pub" switch.
>
> Add new string values (REG_SZ) to the registry key at
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> that correspond to the ARP entries you need. For example, key "arp1" as a
> string with value "c:\winnt\system32\arp.exe -s 1.2.3.4 00-11-22-33-44-55"
>
> I've done this in the past with Windows NT 4.0 systems to work around the
> flaky "local.arp" file.
I'll try this in the next few hours and I will tell you about it, but I think
your advice won't solve the problem. The problem is that the local.arp file
used by FW1 in NT was a way to "publish" arp entries, since issuing an
"arp -s" doesn't publish the entries "outside". (So I wonder how an "arp -s"
put in the "Run" key could work, even in WinNT, if the same command issued
from the prompt didn't work, but I will try...)
For instance, in Solaris you can type "arp -s ip_addr mac_addr pub", but in
Win2k the "pub" switch doesn't work, so it seems that there is no way to
make the firewall host answer arp queries.
I looked in many MLs and NGs, but I didn't find any answer... now I'm
looking at "Routing and Remote Access" help in Win2k....
thanks,
Marco