Re: [FW1] routing problem
Idan,

Site B is able to browse the Internet since its default gateway is Site A and Site A's default gw is firewall. What site B does not know is that there is a network 192.168.0.0. If you have a static route indicating this like:

    route add -net 192.168.0.0 netmask 255.255.255.0 gw site A

you should be able to ping site A hosts from Site B.

Regards,
Naresh

Idan Dolev wrote:
> Guys,
>
> I have firewall 4.1 SP3 on NT 4.0 SP6.
>
> The site config is as follows:
>
>           internet
>              |
>              |
>              |
>           firewall
>              |
>              |   SITE A
>       --------------
>       |            |
>    client      router A----------------------------router B
>                                                       |
>                                                       |   SITE B
>                                          ---------------------------
>                                                       |
>                                                     client
>
> In words... 2 LANs are connected using Cisco routers. Site A is
> 192.168.0.0/24 and site B is 192.168.1.0/24.
> The firewall has a rule base which allows everything from site A to site B.
> Site B is able to surf the internet going through the firewall.
> Router B's default gw is router A, router A's default gw is the firewall plus a
> route indicating that if you want to reach 192.168.1.0 you should go through
> router B.
> On the firewall there is a static route indicating that if you want to reach
> 192.168.1.0 you should go through router A.
> If I ping site B from site A everything works like a charm.
> If I try to ping from site B to A, I do not get any answer.
> If I manually insert on one of the stations in site A a route indicating
> that if you want to reach 192.168.1.0 you should go through router A, and then
> ping from B to A, it works......
> So to conclude.
>
> A ping is sent from site B to A, reaches its destination (since it is its
> only route to the world), the machine from site A asks the default gw
> (which is the fw) where to go, the firewall either
>
> does not give the correct ICMP REPLY
>
> the station does not know how to handle the ICMP REPLY.
>
> Now I checked this config with various clients, since I know win9x does not
> know how to handle ICMP redirect, so assume I am using win2K as clients.
>
> I then disabled in my firewall, using a registry key, the entry for ICMP
> redirect, which means that it would not send it any more, and still it does
> not work.
>
> So the routing is good since SITE B goes to the internet through the firewall, so
> where is the problem?
>
> Idan
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
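
The routes described in the quoted message can be walked hop by hop to see which half of each ping crosses the firewall. This is an added example, not part of the original thread; the node names and the host addresses 192.168.0.10 and 192.168.1.10 are constructed, and only the networks and next hops come from the message.

```python
import ipaddress

# Addresses and node names are constructed; the routes follow the quoted message.
NET_A = ipaddress.ip_network("192.168.0.0/24")   # site A
NET_B = ipaddress.ip_network("192.168.1.0/24")   # site B
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
HOSTS = {"client_a": ipaddress.ip_address("192.168.0.10"),
         "client_b": ipaddress.ip_address("192.168.1.10")}

# node -> [(destination network, next hop)]; "direct" means on-link delivery.
ROUTES = {
    "client_b": [(NET_B, "direct"), (DEFAULT, "router_b")],
    "router_b": [(NET_B, "direct"), (DEFAULT, "router_a")],
    "router_a": [(NET_A, "direct"), (NET_B, "router_b"), (DEFAULT, "firewall")],
    "firewall": [(NET_A, "direct"), (NET_B, "router_a")],
    "client_a": [(NET_A, "direct"), (DEFAULT, "firewall")],
}


def next_hop(routes, node, dst_ip):
    """Longest-prefix match over one node's routing table."""
    matches = [(net, hop) for net, hop in routes[node] if dst_ip in net]
    if not matches:
        raise LookupError(f"{node} has no route to {dst_ip}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def path(src, dst, routes=ROUTES):
    """Nodes a packet visits travelling from host src to host dst."""
    dst_ip, node, hops = HOSTS[dst], src, [src]
    while node != dst:
        hop = next_hop(routes, node, dst_ip)
        node = dst if hop == "direct" else hop
        hops.append(node)
        if len(hops) > 16:
            raise RuntimeError("routing loop")
    return hops


def firewall_view(src, dst, routes=ROUTES):
    """(echo request crosses firewall, echo reply crosses firewall)."""
    return ("firewall" in path(src, dst, routes),
            "firewall" in path(dst, src, routes))


def with_static_route(node, net, hop):
    """Copy of ROUTES with one extra route added on a single node."""
    return {**ROUTES, node: ROUTES[node] + [(net, hop)]}
```

For the B-to-A ping the firewall is on the reply path only, so a firewall that tracks ICMP state would see an echo reply with no matching request; the host route on the site A station takes the firewall out of both directions.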