[FW-1] big trouble with NG
- To: [email protected]
- Subject: [FW-1] big trouble with NG
- From: Walter Nordmann <[email protected]>
- Date: Sun, 10 Feb 2002 10:08:40 +0100
- Comments: cc: Christoph Kiechle <[email protected]>
- Importance: high
- Priority: Urgent
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
hi everybody,
i'm in really big trouble using fw1 ng (base/hf1/hf2)
my fw1 management station is connected to two fw1-modules running stonebeat ha on solaris.
         FW-M
          !
          !
         HUB
         / \
        /   \
       /     \
     FW1----FW2     STONEBEAT-LINK BETWEEN FW1 AND FW2
      !      :
      !      :
      !      :
-------------------------  LAN
          !
          !
     FW-GUI-Client
FW-M (Firewall management) is using fw1 and fw2 as default-router. when FW1 is up and FW-M tries to talk to FW2, FW2 should send an ICMP redirect which says "please use fw1 as router".
that's fine.
but: this packet is dropped by the firewall on FW2
logentry: icmp-type 5 icmp-code 1 message_info ICMP packet out of state
rule: no entry, not even rule zero
global properties: accept outgoing packet origination from gateway is first
it could be something like the old "unknown established tcp packet" problem, but the fix for 4.1 does not work for ng, because there is no ALLOW_NON_SYN_RULEBASE_MATCH in fwui_head.def
best regards
walter nordmann, cards engineering, germany
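
An added example (not part of the original post): a Python decoder for the ICMP message the log entry names (type 5, code 1, a host redirect per RFC 792), showing the gateway it advertises and the embedded original header that identifies the redirected flow. The addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import struct

# RFC 792 redirect codes; the log entry in the post shows type 5, code 1.
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (data padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes) -> dict:
    """Decode an ICMP redirect: 8-byte header, then original IP header + 8 bytes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for an ICMP redirect")
    icmp_type, code, _cksum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != 5 or code not in REDIRECT_CODES:
        raise ValueError("not an ICMP redirect")
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IPv4 header is malformed")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {
        "scope": REDIRECT_CODES[code],
        "use_gateway": str(ipaddress.IPv4Address(gateway)),
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_proto": inner[9],
        # Ports are only meaningful when orig_proto is TCP (6) or UDP (17).
        "orig_ports": (sport, dport) if inner[9] in (6, 17) else None,
    }

def build_sample() -> bytes:
    """Constructed packet: FW2 tells FW-M to use FW1 (made-up addresses, inner IP checksum 0)."""
    fw_m, fw1, dest = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), bytes([198, 51, 100, 20])
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, fw_m, dest)
    inner = ip_hdr + struct.pack("!HHI", 40000, 443, 1)  # first 8 bytes of TCP
    body = struct.pack("!BBH4s", 5, 1, 0, fw1) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_redirect(build_sample()))
```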