[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Too Many Internal Hosts Detected
>I am getting the dreaded "too many internal hosts detected" the external.if >file contains the name of the correct interface N1003, I have checked the >table using "fw lichosts" and the majority of the addresses are foreign >apart from the destination IPs of most of the foreign addresses being my >internal subnets broadcast address. Also I have bounced and removed fwd.h >and fwd.hosts this stops the messages for a day or so then they return. Some things to note: The format of the 'fw lichosts' output is kinda of funny... this is because you will notice it is reporting the "host:x.x.x.x" IP Address BACKWARDS...... So in the example entry below: "El90 24/4/2001 21:56> host:90.12.254.169 src:169.254.12.90 dst:169.254.255.255 proto:udp sport:nbdatagram dport:nbdatagram" El90 is the Interface name. DOUBLE and TRIPLE check to make sure you have defined the interface names properly in the Firewall object, and also in the external.if file. Sometimes people mistake "1" (one) and "l" (the lower case of letter L), and "0" (zero) and "O" (the letter O). The best way to go around this is to do a Get in the Interfaces tab - if you can't do a get, just copy and paste the interface name directly from the "ipconfig" output. Notice that host is "host:90.12.254.169" ...it is actually the reverse of "src:169.254.12.90" You may say you don't know what the heck the "host:90.12.254.169" address is, but if you read it backwards it may make sense to you... hehe. Also note that all Microsoft IP stacks will assign the "169.254.x.x" address if the system is setup to use DHCP and it is unable to receive an IP address from a DHCP server. In the long run, this address can change, and the firewall continues keeping track of these addresses, they pile up, and you end up getting "too many internal hosts" errors... Check your network for systems/routers/printers/switches/coffee-makers/soda-machines that have DHCP enabled.. :) Amin Tora, CISSP ePlus Technology http://www.eplus.com NASDAQ: PLUS ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|