
RE: [FW1] local.arp not working




You need to publish your arps via the "arp" command...



-----Original Message-----
From: Ronneil Camara [mailto:[email protected]]
Sent: Wednesday, March 21, 2001 2:27 AM
To: [email protected]
Subject: [FW1] local.arp not working




Hi there,

I installed firewall-1 v4.1.2 in redhat linux 6.1 for i386. I've just
recompiled my 2.2.18 kernel. I am doing a sample configuration here at home
on my minitower pc. My linux has 3 NICs, eth0 (external), eth1 (internal),
and eth2 (dmz). Prior to installing the evaluation copy of cp2000, I checked
all network connections and found that they were fine. I set up another
freebsd webserver and I situated it on the dmz. I tested the web and it was
working fine also. So the next thing I did was to create a Security Policy.
I actually used the wizard. Btw, I am using the GUI client, Policy Editor
4.1 on Win2k Professional. With connections, I don't have any problem.

Now to the problem. Since I would like my webserver to be seen by Any
(Public), I will have to add an ip to the Webserver Workstation object, plus
the IP address in NAT tab. Next thing I did was to cd $FWDIR/state then
created local.arp containing the new static IP address and the MAC address
of my external interface. I also added a route to the external static ip
pointing to the ip address of the webserver in the dmz.

NT: route add 192.168.0.102 netmask 255.255.255.255 192.168.2.30 -p
Linux: route add -host 192.168.0.102 gw 192.168.2.30

Actually, this is just the same process I did on my WinNT 4 and my Linux rh
7.0 on my laptop. On my previous configuration (RH7.0), when I ping the new
static IP address from a win2000pro workstation, I can see that MAC is being
bound to the IP address I pinged. I'm sure of this because I can see it when
I do an "arp -a". This works well with WinNT and Linux7.0. But now, I did a
fresh new installation, plus a newly compiled kernel, 2.2.18; when I ping the
static IP address, arp -a from win2kpro just gives me 00-00-00-00-00-00
invalid.

Here is my actual /etc/fw/state/local.arp 
192.168.0.102   00:60:97:98:0a:ca

and here is my linux 6.1 routing table:

[root@firewall /root]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.2.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth2
192.168.0.102   192.168.2.30    255.255.255.255 UGH       0 0          0 eth2
192.168.0.100   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

One more piece of info: these are the same IP addresses I'm using right now
with my linux 7.0 but with no eth2.
I have also set the internal interface Security to Any. I need to do this
since I am just in my test lab and all the IP addresses I am using are RFC1918
based.

So, guys, I need your troubleshooting expertise. :-)

Hmmm, I could have forgotten an Entry for make menuconfig (linux specific,
kernel). Any ideas here also?

Thanks.

            .-------------------------------------------------------.
    o^o     | Ronneil Camara     | [email protected]        |
    /V\     |--------------------| +|
   // \\    | "The only way to   `----------------------------------|
  /(   )\   |          stop a hacker is to think like one."         |
   ^^-^^    |                          ...brilliant misguided youth |
            `-------------------------------------------------------'



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
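
The fix suggested in the reply, as an added example that is not part of the original thread: a dry-run shell helper that reads local.arp-style entries (IP address, then MAC) and prints the matching "arp -s ... pub" command for each, rejecting malformed lines. It assumes the Linux net-tools arp syntax and eth0 as the external interface, as in the post; the function names and the two malformed sample lines are constructed for illustration.

```sh
# Added example: dry-run generator for proxy-ARP "publish" commands.
# Input on stdin uses the layout shown in the post: "<IP> <MAC>" per line.

# Constructed sample: the post's entry plus two deliberately bad lines.
sample_local_arp() {
    cat <<'EOF'
192.168.0.102   00:60:97:98:0a:ca
192.168.0.300   00:60:97:98:0a:ca
192.168.0.103   00-60-97-98-0a-ca
EOF
}

# valid_ip ADDR: succeeds only for a dotted quad with every octet in 0-255.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_mac ADDR: colon-separated form only; the dashed form printed by
# Windows "arp -a" is rejected.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# publish_cmds IFACE: print one "arp -s ... pub" line per valid entry.
# Returns 1 if any entry was skipped, so a bad file is not silently accepted.
publish_cmds() {
    iface=$1; rc=0
    while read -r ip mac rest || [ -n "$ip" ]; do
        [ -z "$ip" ] && continue
        if valid_ip "$ip" && valid_mac "$mac" && [ -z "$rest" ]; then
            printf 'arp -i %s -s %s %s pub\n' "$iface" "$ip" "$mac"
        else
            echo "skipped malformed entry: $ip $mac $rest" >&2
            rc=1
        fi
    done
    return "$rc"
}

# eth0 is the external interface in the post; nothing is executed here.
sample_local_arp | publish_cmds eth0 || true
```

On the firewall the input would be the real file, for example `publish_cmds eth0 < $FWDIR/state/local.arp`, and the printed commands are run as root once reviewed.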





 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.