
RE: [FW1] SIMPLE QUESTION



Don't forget that in addition to creating your NAT rules, you also have to
create your rule-set describing what you do and do not allow to pass through
your firewall.  You also have to add routing statements from the command
line on the firewall machine itself to route your internal nets through to
the next hop on your internal LAN.

Noel T. Stafford
CCSA, CCSE, CCFE
Network Engineer
IT - Data Communications Group
Western Wireless Corporation
[email protected]


-----Original Message-----
From: [email protected]
[mailto:[email protected]]
Sent: Wednesday, May 02, 2001 7:53 AM
To: [email protected]
Subject: [FW1] SIMPLE QUESTION



I have installed fw1-41 (standalone) on my Sun
ultra OE Solaris8, which all went well.
My fw1 has two NICs, one hme0 and one lane0, where the
hme0 is connected to my internal net with private
ip-addresses and my lane0 card is connected to the
external network.

Here I want to protect my internal net and also do
a hiding NAT where I use the public ip-address
from lane0 to route the packets on the external net.

It is here my problems start: however I try to configure
my firewall, nothing seems to happen with
the packets. For example, when I try to ping a computer
on my external net from my internal net, it does not
translate the address.

I think that is the simplest configuration and
there should not be any problems.




In network object I have configured:
internal-net	(internal, broadcast allowed, automatic
		 NAT and hide)
external-net	(external, broadcast allowed)
firewall	(internal, gateway, 2 nic, vpn&fw-1 
		 modules)

This generates my NAT Standard, which seems to be ok.


In my Security policy standard rule no.1 says:
source:		internal-net
destination: 	external-net
service:	any
action:		accept
install on:	all
time:		any


That is my first basic configuration which I
want to test.


Other things to know:

I have enabled fw-1 in startup. At boot or when I
run /opt/CPfw1-41/fwstart it says
"fetching security policy from local host failed"


When I run /opt/CPfw1-41/fwpolicy it says
"
Wind/U Warning (270): Individual setting of locale environment 
variables unsupported (LC_CTYPE); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment 
variables unsupported (LC_NUMERIC); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment 
variables unsupported (LC_TIME); set LANG instead.
OLE API Function CoCreateGuid is not currently implemented.  
Further warnings will be suppressed
"

Last thing, my .profile in root is
FWDIR=/opt/CPfw1-41; export FWDIR
PATH=$PATH:$FWDIR/bin:/usr/local/bin:/usr/sbin; export PATH
MANPATH=/usr/man:$FWDIR/man:/usr/local/man; export MANPATH


I hope I have described my situation and configuration
well enough and hope that maybe someone can advise me
what to do.

thanks a lot.
Andreas Olsson




-------------- End Forwarded Message --------------


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

