RE: [FW1] SIMPLE QUESTION
Don't forget that in addition to creating your NAT rules, you also have to create your rule-set describing what you do and do not allow to pass through your firewall. You also have to add routing statements from the command line on the firewall machine itself to route your internal nets through to the next hop on your internal LAN.

Noel T. Stafford CCSA, CCSE, CCFE
Network Engineer
IT - Data Communications Group
Western Wireless Corporation
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, May 02, 2001 7:53 AM
To: [email protected]
Subject: [FW1] SIMPLE QUESTION

I have installed fw1-41 (standalone) on my Sun ultra OE Solaris8, which all went well. My fw1 has two NICs, one hme0 and one lane0, where the hme0 is connected to my internal net with private ip-addresses and my lane0 card is connected to the external network.

Here I want to protect my internal net and also do a hiding NAT where I use the public ip-address from lane0 to route the packets on the external net. It is here my problems start: however I try to configure my firewall, nothing seems to happen with the packets. For example, when I try to ping a computer on my external net from my internal net, it does not translate the address. I think that is the simplest configuration and there should not be any problems.

In network object I have configured:

internal-net (internal, broadcast allowed, automatic NAT and hide)
external-net (external, broadcast allowed)
firewall (internal, gateway, 2 nic, vpn&fw-1 modules)

This generates my NAT Standard, which seems to be ok.

In my Security policy standard, rule no. 1 says:

source: internal-net
destination: external-net
service: any
action: accept
install on: all
time: any

That is my first basic configuration, which I want to test.

Other things to know: I have enabled fw-1 in startup.
At boot or when I run /opt/CPfw1-41/fwstart it says "fetching security policy from local host failed".

When I run /opt/CPfw1-41/fwpolicy it says:

"
Wind/U Warning (270): Individual setting of locale environment variables unsupported (LC_CTYPE); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment variables unsupported (LC_NUMERIC); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment variables unsupported (LC_TIME); set LANG instead.
OLE API Function CoCreateGuid is not currently implemented.
Further warnings will be suppressed
"

Last thing, my .profile in root is:

FWDIR=/opt/CPfw1-41; export FWDIR
PATH=$PATH:$FWDIR/bin:/usr/local/bin:/usr/sbin; export PATH
MANPATH=/usr/man:$FWDIR/man:/usr/local/man; export MANPATH

I hope I have described my situation and configuration well enough, and hope that maybe someone can advise me what to do.

Thanks a lot.

Andreas Olsson

-------------- End Forwarded Message --------------

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================