RE: [FW1] local.arp not working
You need to publish your arps via the "arp" command...

-----Original Message-----
From: Ronneil Camara [mailto:[email protected]]
Sent: Wednesday, March 21, 2001 2:27 AM
To: [email protected]
Subject: [FW1] local.arp not working

Hi there,

I installed firewall-1 v4.1.2 in redhat linux 6.1 for i386. I've just recompiled my 2.2.18 kernel. I am doing a sample configuration here at home on my minitower pc. My linux has 3 NICs, eth0 (external), eth1 (internal), and eth2 (dmz). Prior to installing the evaluation copy of cp2000, I checked all network connections and found out that it was fine. I set up another freebsd webserver and I situated it on the dmz. I tested the web and it was working fine also.

So the next thing I did was to create a Security Policy. I actually used the wizard. Btw, I am using the GUI client, Policy Editor 4.1 on Win2k Professional. With connections, I don't have any problem.

Now to the problem. Since I would like my webserver to be seen by Any (Public), I will have to add an ip to the Webserver Workstation object, plus the IP address in NAT tab. Next thing I did was to cd $FWDIR/state then created local.arp containing the new static IP address and the MAC address of my external interface. I also added a route to the external static ip pointing to the ip address of the webserver in the dmz.

    NT:    route add 192.168.0.102 netmask 255.255.255.255 192.168.2.30 -p
    Linux: route add -host 192.168.0.102 gw 192.168.2.30

Actually, this is just the same process I did on my WinNT 4 and my Linux rh 7.0 on my laptop. On my previous configuration (RH7.0), when I ping the new static IP address from a win2000pro workstation, I can see that MAC is being bound to the IP address I pinged. I'm sure of this because I can see it when I do an "arp -a". This works well with WinNT and Linux7.0. But now, I did a fresh new installation, plus new compiled kernel, 2.2.18, when I ping the static IP address, arp -a from win2kpro just gives me 00-00-00-00-00-00 invalid.

Here is my actual /etc/fw/state/local.arp

    192.168.0.102 00:60:97:98:0a:ca

and here is my linux 6.1 routing table:

    [root@firewall /root]# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.1.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
    192.168.2.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth2
    192.168.0.102   192.168.2.30    255.255.255.255 UGH       0 0          0 eth2
    192.168.0.100   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
    192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

Another info, these are the same IP addresses I'm using right now with my linux 7.0 but with no eth2. I have also set the internal interface Security to Any. I need to do this since I am just on my test lab and all the IP addresses I am using are RFC1918 based.

So, guys, I need your troubleshooting expertise. :-) Hmmm, I could have forgotten an Entry for make menuconfig (linux specific, kernel). Any ideas here also?

Thanks.

Ronneil Camara | [email protected]
"The only way to stop a hacker is to think like one."
...brilliant misguided youth

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
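
One way to act on the reply's advice on Linux, as an added example that is not part of the original thread: it reads entries in the local.arp layout shown above and prints the matching published (proxy) ARP commands for review. It assumes the net-tools `arp -s <ip> <mac> pub` form and that eth0 is the external interface as in the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: convert local.arp-style lines ("IP MAC") into the
# "arp -s IP MAC pub" commands that publish proxy-ARP entries on Linux.
# Dry run only: commands are printed for review, nothing is executed.

# valid_ip ADDR: succeeds for a dotted-quad IPv4 address, octets 0..255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# valid_mac ADDR: succeeds for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# arp_publish_cmds FILE [IFACE] (hypothetical helper): print one command per
# valid entry; report malformed lines on stderr and return 1 if any exist.
arp_publish_cmds() {
    file=$1 iface=${2:-} rc=0 n=0
    while read -r ip mac rest || [ -n "$ip" ]; do
        n=$((n + 1))
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ip "$ip" && valid_mac "$mac" && [ -z "$rest" ]; then
            printf 'arp %s-s %s %s pub\n' "${iface:+-i $iface }" "$ip" "$mac"
        else
            echo "line $n: bad entry: $ip $mac $rest" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}

# Sample input built here: the entry quoted in the thread plus a comment line.
sample=$(mktemp)
printf '# ip mac-of-external-nic\n192.168.0.102 00:60:97:98:0a:ca\n' > "$sample"
arp_publish_cmds "$sample" eth0
rm -f "$sample"
```

Static ARP entries added this way do not survive a reboot, so the reviewed commands also belong in a boot script.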