
Re: [FW1] Linux, VPN and ARP



Hi

IP NAT Pool:
---------------
Do you use addresses from the same net segment as the one the firewall has
its interfaces on?

I have never added any arp entries for my sr clients... I am using a
private /24 net for the IP NAT thingy. What is important is that your inside
servers must know the way back to your virtual "IP NAT Pool"-net (the sr
entrypoint) and the "IP NAT Pool"-net shouldn't be in the encryption domain.

regards,
mike

----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Monday, May 07, 2001 8:04 PM
Subject: [FW1] Linux, VPN and ARP

> The task is really easy:
> Enable FW-1 to accept SecuRemote connections. The firewall (gateway) itself
> runs on RedHat 7.0 and SecuRemote on W2k.
> I'm able to connect to the firewall over the internet but it is IMPOSSIBLE
> to reach resources on the LAN when I use "IP NAT Pool"
>
> What my Reseller told me was that for IP NAT-Pool the IP addresses have to
> be "put" on the internal interface by either "local.arp" for Windows (not in
> my case) or "arp -s <ip> <mac> -i eth1 pub". But the arp stuff doesn't work
> out.
> Though my linux box accepts the command, replies to e.g. a PING from the
> SecuRemote Client reaches the destination but the answer doesn't come back
> (I traced it down so I could see that the arp request wasn't answered by the
> firewall).
>
> Can anybody tell me why the linux box doesn't reply on the arp request (FW
> and Linux box are on the same segment)?
> Is this a linux thing?
>
> The only workaround I found was to "put" the ip addresses on the interface.
> But what if I need a pool of e.g. 200 addresses - is the linux kernel
> capable to handle that much on one NIC?
>
> Maybe I'm missing something... so I would be glad if anybody could give me
> a hint.
>
> Regards,
> Marco
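
The two conditions in the reply (pool outside the encryption domain, inside servers able to route back to the pool) and the same-segment question it opens with, written as a planning check. This is an added example, not part of either message and not Check Point code; the function name, its arguments and all addresses are constructed assumptions, and it does not read any FW-1 configuration.

```python
import ipaddress

def assess_nat_pool(pool, encryption_domain, fw_interfaces, internal_if):
    """Check an IP NAT pool against the conditions named in the reply.

    All argument names are hypothetical; values are passed in by hand.
    """
    pool_net = ipaddress.ip_network(pool)
    ifaces = {n: ipaddress.ip_interface(c) for n, c in fw_interfaces.items()}

    # The pool should not be part of the encryption domain.
    in_domain = [d for d in encryption_domain
                 if pool_net.overlaps(ipaddress.ip_network(d))]

    # Pool on the same segment as a firewall interface: neighbours ARP for
    # pool addresses directly, so the firewall would have to answer ARP.
    on_segment = [n for n, i in ifaces.items() if pool_net.overlaps(i.network)]

    # Pool on its own net: no ARP entries needed, but inside servers need a
    # route for the pool pointing at the firewall's internal address.
    return_route = None
    if not on_segment:
        return_route = (str(pool_net), str(ifaces[internal_if].ip))

    return {"in_encryption_domain": in_domain,
            "arp_needed_on": on_segment,
            "return_route": return_route}

# Constructed sample values (documentation and private ranges).
FW_IFACES = {"eth0": "203.0.113.2/29", "eth1": "192.168.10.1/24"}
ENC_DOMAIN = ["192.168.10.0/24"]

if __name__ == "__main__":
    for pool in ("10.99.0.0/24", "192.168.10.128/25"):
        print(pool, assess_nat_pool(pool, ENC_DOMAIN, FW_IFACES, "eth1"))
```

The first pool is the separate private net the reply describes and yields only a return route; the second sits on the internal segment and is flagged on both counts.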




   All contents © 2004 Network Presence, LLC. All rights reserved.