[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1]

To: [email protected]
Subject: [FW-1]
From: MURAT BALKAS <[email protected]>
Date: Tue, 27 Nov 2001 08:10:39 +0200
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

     I've some problems about multicast & checkpoint FW1. I posted
following messages to ipmulticast mailing list but I couldn't get any
answers. Do you have any opinion?

Thanks,
Murat

----- Forwarded by MURAT BALKAS/IS/OKSIJEN on 11/26/2001 05:36 PM -----

Hi,

     I'm trying to route multicast traffic through Checkpoint FW1 4.1 SP3
installed on Solaris 7. This's my test firewall and not connected to real
world. It has two interfaces. 172.21.2.0/24 and 192.168.52.0/25 networks.
I'm using timecast server and client to test the multicast routing. And the
router is mrouted 3.8

     If firewall is stopped, everything's Ok. Time is synchronized. But, If
I start the firewall everything stops working. Time is not synchronized and
I can't see anything on Firewall logs. If I run mrouted with -d 3 I can see
that the client does not send new member report.

     I couldn't find the problem. Any help would be greatly appreciated.

Murat

     FYI : Anti-spoofing is off and any to ant on any ports allowed on my
firewall.

----------------------------------------------------------------

Hi,

     after continuing some tests I found following.

1) I stopped the firewall.
2) run the client and the server. Saw that time synchronized regularly. The
client and server joined the default group 234.5.6.7 and they communicated
through default port 8910.
3) kept the client and server running and started the firewall with the
rule that accepts all traffic.
4) time gets synchronized during 2-3 minutes
5) after a while saw following messages on the console from mrouted.

     17:03:12.232   ageing entries
     17:03:13.232   group 234.5.6.7 left on vif 1
     17:03:13.232   delete lclgrp ( 172.21.2/24 234.5.6.7 ) gm:1
     17:03:14.232   group 234.5.6.7 left on vif 0
     17:03:14.232   delete lclgrp ( 172.21.2/24 234.5.6.7 ) gm:0

6) after these messages time does not get synchronized.

     The fourth item says me that multicast routing works when the firewall
is on. I think that my problem is about igmp messages. What do you think?
How can I solve this prolem?

Murat

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1]
  - From: saman kumara dissanayake <[email protected]>

Prev by Date: Re: [FW-1] SecureRemote/SecureClient on win9x w/ NT authenticatio n..
Next by Date: [FW-1] newbie's question on securemote
Prev by thread: Re: [FW-1]
Next by thread: Re: [FW-1]
Index(es):
- Date
- Thread