[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] traffic unflowing...helpers please
If you can't hit the router, check on the router, if its a cisco router, turn on icmp debugging, and check to see if the packets are getting there, and if its sending them back out the correct port. Check your routing tables. WHen you did your route add, did you use the -p flag to make them permanent? if not you'll have to re-add them after every reboot. Watch the logs in the firewall carefully as your pinging stuff on the far side. I've had this problem myself on initial setup of two firewalls at two different companies, and in both cases it was a routing issue. Try uninstalling your policy. If you can get traffic through with the policy uninstalled, its a policy issue, if you can't, its a routing issue. One of my routing issues turned out to be an old version of IOS on an old cisco router. The route was setup something like ip route x.x.x.x eth0, when I changed the eth0 to the actual netxt hop gateway address it worked just fine. -----Original Message----- From: Patrick James [mailto:[email protected]] Sent: Wednesday, June 06, 2001 12:06 AM To: [email protected] Subject: [FW1] traffic unflowing...helpers please Hi all, I have a FW1 version 4.1 SP2 installation on WinNT 4.0 SP6. My network is a simple one where I have couple of servers on the LAN and a Router, the FW1 is pretty sitting between the LAN and the Router. I configured the proper NAT and security policy settings absolutely no problem with that. I created a 'local.arp' file under 'state' directory also added a 'route add' at the cmd prompt. On the NAT, I selected 'Static' and mapped couple of my servers to 2 nos. of global IP addresses. I even tried the security setting as 'All to ALL' and nothing went good. The thing is that both the internal LAN servers could ping the external NIC of the FW1 while they could not ping anything host beyond. including the Router which is also un-pingable. I could even find the traffic generated by these 2 servers at the log viewer "Active Account" of FW1. Where could be problem? Any helpers please...... thanks James _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|