
[FW1] Linux, VPN and ARP






Hi list,

I got a real hard one here - I guess :-)
Even my Reseller could not help me on that issue.

At first sight it might look simple; especially to those who already set up many
FW-1 with SecuRemote.

The task is really easy:

Enable FW-1 to accept SecuRemote connections. The firewall (gateway) itself runs
on RedHat 7.0 and SecuRemote on W2k.
I'm able to connect to the firewall over the internet but it is IMPOSSIBLE to
reach resources on the LAN when I use "IP NAT Pool".

What my Reseller told me was that for IP NAT-Pool the IP addresses have to be
"put" on the internal interface by either "local.arp" for Windows (not in my
case) or "arp -s <ip> <mac> -i eth1 pub". But the arp stuff doesn't work out.
Though my Linux box accepts the command, replies to e.g. a PING from the
SecuRemote Client reaches the destination but the answer doesn't come back (I
traced it down so I could see that the arp request wasn't answered by the
firewall).

Can anybody tell me why the Linux box doesn't reply to the arp request (FW and
Linux box are on the same segment)?
Is this a Linux thing?

The only workaround I found was to "put" the IP addresses on the interface.
But what if I need a pool of e.g. 200 addresses - is the Linux kernel capable of
handling that many on one NIC?

Maybe I'm missing something... so I would be glad if anybody could give me a
hint.


Regards,
Marco



