Re: [FW1] Linux, VPN and ARP
Hi

IP NAT Pool:
---------------
Do you use addresses from the same net segment like the firewall has its interfaces on?
I have never added any arp entries for my sr clients.....I am using a private /24 net for the IP NAT thingy.

Important is, that your inside servers must know the way back to your virtual "IP NAT Pool"-net (the sr entrypoint) and the "IP NAT Pool"-net shouldn't be in the encryption domain.

regards,
mike

----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Monday, May 07, 2001 8:04 PM
Subject: [FW1] Linux, VPN and ARP

> The task is really easy:
> Enable FW-1 to accept SecuRemote connections. The firewall (gateway) itself runs
> on RedHat 7.0 and SecuRemote on W2k.
> I'm able to connect to the firewall over the internet but it is IMPOSSIBLE to
> reach resources on the LAN when I use "IP NAT Pool"
>
> What my Reseller told me was that for IP NAT-Pool the IP addresses have to be
> "put" on the internal interface by either "local.arp" for Windows (not in my
> case) or "arp -s <ip> <mac> -i eth1 pub". But the arp stuff doesn't work out.
> Though my linux box accepts the command, replies to e.g. a PING from the
> SecuRemote Client reaches the destination but the answer doesn't come back (I
> traced it down so I could see that the arp request wasn't answered by the
> firewall).
>
> Can anybody tell me why the linux box doesn't reply on the arp request (FW and
> Linux box are on the same segment)?
> Is this a linux thing?
>
> The only workaround I found was to "put" the ip addresses on the interface.
> But what if I need a pool of e.g. 200 addresses - is the linux kernel capable to
> handle that much on one NIC?
>
> Maybe I'm missing something... so I would be glad if anybody could give me a
> hint.
>
> Regards,
> Marco
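
The two conditions named in the reply above (inside hosts need a way back to the pool, and the pool must stay outside the encryption domain) can be checked before deployment. The following is an added example, not part of the original thread: the function name and every address are constructed assumptions, and the pool is assumed to be written as a CIDR block.

```python
import ipaddress

def check_nat_pool(pool, internal_if, encryption_domain):
    """Classify an IP NAT pool against the firewall's internal interface
    and the encryption domain. Hypothetical helper; inputs are strings."""
    pool_net = ipaddress.ip_network(pool)
    iface = ipaddress.ip_interface(internal_if)      # e.g. "192.168.1.1/24"

    # Advice from the reply: the pool should not be in the encryption domain.
    clashes = [str(net) for net in map(ipaddress.ip_network, encryption_domain)
               if pool_net.overlaps(net)]

    if pool_net.overlaps(iface.network):
        # Pool lies on the internal segment: LAN hosts ARP for pool addresses
        # directly, so the firewall has to answer ARP for each of them
        # (the published-ARP situation described in the original question).
        mode, arp_needed, route = "on-link", True, None
    else:
        # Separate private net, as in the reply: no ARP entries are involved,
        # but inside hosts (or their default gateway) need a route back to
        # the pool via the firewall's internal address.
        mode, arp_needed, route = "routed", False, (str(pool_net), str(iface.ip))

    return {"mode": mode, "arp_needed": arp_needed,
            "return_route": route, "in_encryption_domain": clashes}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    lan_if, enc_dom = "192.168.1.1/24", ["192.168.1.0/24"]
    for pool in ("10.99.0.0/24", "192.168.1.128/26"):
        print(pool, check_nat_pool(pool, lan_if, enc_dom))
```
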