[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] NAT of ICMP changes to wrong IP address.
HI all, I am running Firewall-1 V4.1 Build 4031 on a Nokia IP440. I moved my v3.0 databases over (from a Solaris 2.6 box) and started a new. I am currently in production phase and here is the problem. The first octet of the IP address does not get translated correctly in certain instances. This happens (in the same circumstances) with either my hide NAT for my internal network or when doing a static NAT for an IP. It seems to happen when I do a PING from an internal system (ie: 10.1.2.3 NAT is y.y.y.y) to an external IP (x.x.x.x). The ping does not works not work all the time interface source destination proto xlated source xlated destination ge0 (internal) 10.1.2.3 x.x.x.x icmp 40.y.y.y x.x.x.x hme0 (external) x.x.x.x 10.1.2.3 icmp 1.x.x.x y.y.y.y If my hide NAT is y.y.y.y is always makes the first octet a 40 yet if I run my browser or do an ftp to a site on the internet, the 'xlated source' IP address is correct. I have checked the settings of my NICs (ifconfig), my routing (netstat), my arp (arp), my hosts, and my Firewalled object... This problem is very similar to a problem someone posted a year ago but I did not locate a solution to it. Thanks for your help in advance. Please let me know what other data I can provide that would be helpful in troubleshooting this. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|