Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] can ping from firewall but not from internal NET

To: [email protected]
Subject: Re: [FW1] can ping from firewall but not from internal NET
From: Ed Rolison <[email protected]>
Date: Wed, 7 Mar 2001 15:55:24 +0000 (GMT)
Reply-to: Ed Rolison <[email protected]>
Sender: [email protected]


>A couple of servers are being statically nated on our firewall. i can
>ping these servers by their public ip addresses on the firewall itself.
>But i cannot ping these servers by their public ip on the internal LAN.
> 
>Why is that?

At a guess...
Host A being the pinger, sends it's ping out through its default route, which 
reaches the firewall.

Fireall takes ICMP echo request packet, NATs it, and forwards it to Host B

Host B goes 'ah I have a packet from Host A' and then sends an ICMP echo reply 
to host A. 

BUT because host A is on the same subnet as host B the echo reply doesn't get to 
the firewall, and thus doesn't get NATed back so host A actually recognises it.

You can check this by running a 'snoop' on your local machine, and doing the 
ping. I'm guessing you will see a response, but not from the _external_ ip 
address of host B.
--
Ed Rolison
Systems Admin
ER706-RIPE
[email protected]



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] error messages (xlate)
Next by Date: [FW1]error messages (xlate)
Previous by thread: [FW1] can ping from firewall but not from internal NET
Next by thread: Re: [FW1] can ping from firewall but not from internal NET
Index(es):
- Date
- Thread