[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] can ping from firewall but not from internal NET
>From the internal workstation with a private ip address no static nat, I can ping the external firewall's public int ip. But I can ping these internal servers by their private ip address. These internal servers are publicly accessible from outside. Outside can ping these servers by their public addresses because of static nat. It is just that the internal network with private ip addresses cannot ping these servers by their public ip. I know i can work around it by using host files and internal DNS to connect to these internal servers but I am trying to avoid that. My rules are as follows: ANY FIREWALL ANY DROP Local-Lan ANY ANY ACCEPT on the NAT TAB: LOCAL-NET LOCAL-NET ANY =ORIG =ORIG =ORIG LOCAL-NET ANY ANY FIREWALL(HIDE) =ORIG =ORIG Thanks ----- Original Message ----- From: <[email protected]> To: "Tony Wong" <[email protected]> Cc: <[email protected]> Sent: Wednesday, March 07, 2001 8:27 AM Subject: Re: [FW1] can ping from firewall but not from internal NET It could be alot of cause for this. Have you tried to traceroute to that IP from your internal LAN? This should tell you what was the last hop that you can see. Do the same thing on your firewall and compare the results. Another thing to consider, is the internal firewall allowing icmp traffic from your internal lan to the internet? sorry for the obvious. -hungdan ly Tony Wong <[email protected]>@lists.us.checkpoint.com on 03/07/2001 10:48:47 AM Sent by: [email protected] To: [email protected] cc: Subject: [FW1] can ping from firewall but not from internal NET A couple of servers are being statically nated on our firewall. i can ping these servers by their public ip addresses on the firewall itself. But i cannot ping these servers by their public ip on the internal LAN. Why is that? ______________________________________________________________________ The information contained in this transmission may contain privileged and confidential information and is intended only for the use of the person(s) named above. If you are not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender immediately by reply e-mail and destroy all copies of the original message. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|