
[FW-1] NG Proxy on Nokia



I've got a problem setting up Non-transparent User Authentication (proxy)
on a Nokia IP440 with IPSO 3.4.2 and CP FW1 NG FP1.

I've set prompt_for_destination to true and loaded the database on the
firewall.

I telnet to the inside interface of the firewall, and then I am prompted
for my firewall username and password. After the firewall approves, I am
prompted for destination. I enter the IP address of my outside ISP router
and then get a connection refused. I've also tried with an entry in the
host file. The router interface is not in DNS.

I can telnet from the console of the firewall to the router. The fw logs
show that my telnet session is approved.

The same happens for ftp out to a remote server (ftp.cisco.com). From
inside, I get a server closed connection, but it works from the console.

I have private IP addresses inside the firewall and do not have NAT
enabled. I have a split DNS installation where the Nokia's DNS server is
only for outside entries.

When I run a sniffer on the outside network, I see the firewall perform a
DNS lookup for the name, and then it does a reverse lookup for the IP
address of the remote server. I also see DNS lookups for localhost, and
the hostname of my firewall (hqflab02).

These names are in the hosts file and hosts.equiv is set to host then
bind. The reverse lookups and the lookups of the firewall do fail. I do
not see any other traffic from the firewall after the DNS lookups fail.





=====
--
Derek C. Jones  - RCDD/LAN, CCDP, CCNA, MCSE, CNE
Scouter - BSA Troop 994 Woodstock, GA
http://www.geocities.com/dcjones21/
[email protected]




 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.