Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Strange routing problems with FW1 running

To: [email protected]
Subject: Re: [FW-1] Strange routing problems with FW1 running
From: Patrick Lotti <[email protected]>
Date: Fri, 1 Feb 2002 08:43:14 +0100
Organization: ISION Internet AG
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi

[excellent asccii-art network diagram!]

Well, spoofing was my first thought. At least you have to define new
network objects, or modify the existing ones in "Specific (Valid-addresses)"
You should review the addresses used in the anti-spoofing configuration, or
try to disable it for ten minutes in order to test (while the firewall is
unplugged from the internet, just to be safe).


Anyway, to be sure where the packets get lost, do a

cd $FWDIR/bin
./fw monitor -e 'accept tcp;' -m iIoO;

while nobody else is making traffic,
or with filter, if the remembered systax is correct:

./fw monitor -e 'accept tcp, src=192.168.1.10 or src=200.200.200.50;' -m iIoO;


Then you should know which packets get lost, is SYN dropped, or SYNACK,
or is there NAT activated changing the address so that's no way back...

Regards,
Patrick

Chris Moore wrote:
>
> Good thought...you think I should disable all anti-spoofing before changing
> addresses and then reconfigure afterwards?
>
> ...
> Chris
>
> -----Original Message-----
> From: Patrick Lotti [mailto:[email protected]]
> Sent: Thursday, January 31, 2002 2:51 AM
> To: [email protected]
> Subject: Re: [FW-1] Strange routing problems with FW1 running
>
> Hi,
>
> I just thought:
> Rule 0 is anti-spoofing. As you have new IP addresses, maybe there's
> still anti-spoofing configured, allowing only the previous adresses?
>
> Patrick

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Strange routing problems with FW1 running
  - From: Chris Moore <[email protected]>

Prev by Date: [FW-1] RADIUS AUTHENTICATION TIMEOUT
Next by Date: Re: [FW-1] Service entries
Previous by thread: Re: [FW-1] Strange routing problems with FW1 running
Next by thread: Re: [FW-1] Strange routing problems with FW1 running
Index(es):
- Date
- Thread