Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] can ping from firewall but not from internal NET

To: [email protected]
Subject: Re: [FW1] can ping from firewall but not from internal NET
From: Tony Wong <[email protected]>
Date: Wed, 7 Mar 2001 10:08:16 -0800
Cc: [email protected]
References: <[email protected]>
Sender: [email protected]

>From the internal workstation with a private ip address no static nat, I can
ping the external firewall's public int ip. But I can ping these internal
servers by their private ip address. These internal servers are publicly
accessible from outside. Outside can ping these servers by their public
addresses because of static nat.

It is just that the internal network with private ip addresses cannot ping
these servers by their public ip. I know i can work around it by using host
files and internal DNS to connect to these internal servers but I am trying
to avoid that.

My rules are as follows:

ANY    FIREWALL    ANY    DROP
Local-Lan ANY    ANY    ACCEPT

on the NAT TAB:

LOCAL-NET    LOCAL-NET ANY    =ORIG    =ORIG    =ORIG
LOCAL-NET    ANY    ANY                FIREWALL(HIDE)    =ORIG        =ORIG



Thanks



----- Original Message -----
From: <[email protected]>
To: "Tony Wong" <[email protected]>
Cc: <[email protected]>
Sent: Wednesday, March 07, 2001 8:27 AM
Subject: Re: [FW1] can ping from firewall but not from internal NET



It could be alot of cause for this.  Have you tried to traceroute
to that IP from your internal LAN?  This should tell you what was
the last hop that you can see.  Do the same thing on your
firewall and compare the results.  Another thing to consider, is
the internal firewall allowing icmp traffic from your internal
lan to the internet?

sorry for the obvious.

-hungdan ly




Tony Wong <[email protected]>@lists.us.checkpoint.com on
03/07/2001 10:48:47 AM

Sent by:  [email protected]

To:   [email protected]
cc:

Subject:  [FW1] can ping from firewall but not from internal NET




A couple of servers are being statically nated on  our firewall.
i can ping these servers by their public ip addresses on the
firewall itself. But i cannot ping these servers by their public
ip on the  internal LAN.

Why is  that?





______________________________________________________________________

The information contained in this transmission may contain
privileged and confidential information and is intended only
for the use of the person(s) named above. If you are not the
intended recipient,  or an employee or agent responsible for
delivering this message to the intended recipient,  any review,
dissemination, distribution or duplication of this communication
is strictly prohibited. If you are not the intended recipient,
please contact the sender immediately by reply e-mail and destroy
all copies of the original message.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] can ping from firewall but not from internal NET
  - From: [email protected]

Prev by Date: RE: [FW1] SecuRemote 4.1 SP2 problems
Next by Date: RE: [FW1] Scheduled Policies?
Previous by thread: Re: [FW1] can ping from firewall but not from internal NET
Next by thread: RE: [FW1] can ping from firewall but not from internal NET
Index(es):
- Date
- Thread