| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] NAT of ICMP changes to wrong IP address.
HI all,
I am running Firewall-1 V4.1 Build 4031 on a Nokia IP440. I moved my
v3.0 databases over (from a Solaris 2.6 box) and started a new. I am
currently in production phase and here is the problem.
The first octet of the IP address does not get translated correctly in
certain instances. This happens (in the same circumstances) with either my
hide NAT for my internal network or when doing a static NAT for an IP. It
seems to happen when I do a PING from an internal system (ie: 10.1.2.3 NAT
is y.y.y.y) to an external IP (x.x.x.x). The ping does not works not work
all the time
interface source destination proto xlated
source xlated destination
ge0 (internal) 10.1.2.3 x.x.x.x icmp
40.y.y.y x.x.x.x
hme0 (external) x.x.x.x 10.1.2.3 icmp
1.x.x.x y.y.y.y
If my hide NAT is y.y.y.y is always makes the first octet a 40 yet if I run
my browser or do an ftp to a site on the internet, the 'xlated source' IP
address is correct.
I have checked the settings of my NICs (ifconfig), my routing (netstat), my
arp (arp), my hosts, and my Firewalled object...
This problem is very similar to a problem someone posted a year ago but I
did not locate a solution to it.
Thanks for your help in advance. Please let me know what other data I can
provide that would be helpful in troubleshooting this.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
