RE: [FW1] packets sent to 224.0.0.1



First thought, create a network object for 224.0.0.1, and allow the firewall
to talk ANY to it, as a test.  If it works, restrict it to what is
necessary.

If it doesn't work, it is probably an OS problem, and not a firewall
problem.
This is merely a shot in the dark, as I really haven't worked with this
scenario much, but could the kernel parameter 'ip_respond_to_echo_broadcast'
be set to 0, thereby stopping the Solaris box from replying?   I'm not sure
if that is exactly what this kernel parameter does, but it sounds good.
 


-----Original Message-----
From: corne [mailto:[email protected]]
Sent: Thursday, February 22, 2001 9:00 AM
To: [email protected]
Subject: [FW1] packets sent to 224.0.0.1



Hi all

I have a situation where 2 Sun mail servers form a cluster behind a firewall
(fw-1 4.1 sp2, solaris 2.7 latest patches, NetraT platform).

Each node in the cluster has 2 interfaces, in case an interface on the given
machine fails. A node tests for failover of these interfaces by sending ICMP
to 224.0.0.1. According to the Sun guys, this should get a response back
from the machine's gateway, which is the fw. However, we are not seeing
this.

I have allowed echo-reply,-request,icmp-proto,redirect&dest-unreach between
the mail cluster nodes, the fw and a workstation object with ip = 224.0.0.1,
still no luck. ICMP is also switched on in the properties (*gasp*!).

Doing a snoop on the fw's interface I can see packets from the mail cluster
to 224.0.0.1:

mailnode1.mydomain.bla -> ALL-ROUTERS.MCAST.NET ICMP Echo request
mailnode1.mydomain.bla -> ALL-SYSTEMS.MCAST.NET ICMP Echo request

Is it possible to get the fw to reply to these requests? All this was
working fine until I replaced a Sun EFS firewall with the fw-1 box.

btw: does anyone have some pointers on what the results are of sending
packets to 224.0.0.1? What kind of answers will you get from other machines
on the network?

Regards
Corne van Dyk
Dimension Data: Network security engineer
Tel: +27 21 659 2540
Fax: +27 21 659 2101
Helpdesk: +27 21 659 2112



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
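
An added example, not part of the original thread or any poster's code: a Python check over `snoop` summary lines in the format quoted above. It reports which hosts sent an ICMP echo request to a multicast group and which hosts, if any, sent them a unicast echo reply. The echo-reply line format and the hosts `mailnode2.mydomain.bla` and `fw.mydomain.bla` are constructed assumptions.

```python
import re

# Group names as snoop resolves them in the capture quoted in the thread,
# plus the raw addresses in case name resolution is off.
MCAST_DESTS = {"ALL-SYSTEMS.MCAST.NET", "ALL-ROUTERS.MCAST.NET",
               "224.0.0.1", "224.0.0.2"}

# "<src> -> <dst> ICMP Echo request|reply" (reply form is an assumption).
LINE_RE = re.compile(r"^\s*(\S+)\s+->\s+(\S+)\s+ICMP\s+Echo\s+(request|reply)\b",
                     re.IGNORECASE)

def responders(snoop_lines):
    """Map each multicast prober to the sorted list of hosts that replied to it."""
    probed = {}
    for line in snoop_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ICMP echo summary line
        src, dst, kind = m.group(1), m.group(2), m.group(3).lower()
        if kind == "request" and dst.upper() in MCAST_DESTS:
            probed.setdefault(src, set())   # record prober even with no answers
        elif kind == "reply" and dst in probed:
            probed[dst].add(src)            # replies come back unicast
    return {host: sorted(peers) for host, peers in probed.items()}

def silent_probers(snoop_lines):
    """Probers whose multicast echo requests drew no reply at all."""
    return sorted(h for h, peers in responders(snoop_lines).items() if not peers)

# Constructed sample: the first two lines are from the thread, the rest are
# invented to show the answered case.
SAMPLE = [
    "mailnode1.mydomain.bla -> ALL-ROUTERS.MCAST.NET ICMP Echo request",
    "mailnode1.mydomain.bla -> ALL-SYSTEMS.MCAST.NET ICMP Echo request",
    "mailnode2.mydomain.bla -> ALL-SYSTEMS.MCAST.NET ICMP Echo request",
    "fw.mydomain.bla -> mailnode2.mydomain.bla ICMP Echo reply",
]

if __name__ == "__main__":
    for host, peers in responders(SAMPLE).items():
        print(host, "<-", ", ".join(peers) if peers else "no replies seen")
```

A reply is credited to a prober only if it arrives after that prober's multicast request in the capture, so replies to ordinary unicast pings sent later by the same host would also be counted.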


   All contents © 2004 Network Presence, LLC. All rights reserved.