That's was my initial thought, but nothing seems to get as far the firewall.
I'm logging pings and can see them from everywhere else, but I see NOTHING
at all
from router1 or behind. Surely if they got that far they would get logged,
even if there
is no return route?
I never included my entire routing table, but router1 and router2 work fine
for everything else.
I also had a Cisco guy here a while ago and he couldn't see anything wrong
with the routes on
my routers. I'm clueless.
-----Original Message-----
From: James Lee Bell [mailto:[email protected]]
Sent: 21 May 2002 08:38
To: Mailing list for discussion of Firewall-1; [email protected]
Subject: Re: [FW-1] Routing Question
How about the return trip?
- Routing on the firewall has to know how to send packets back to router
1 and behind it.
- Routing on router 2 has to know how to get back behind router 1.
The symptoms you describe with your traceroute point to the above, i.e.
once you send a ping with ttl of 2, that gets to the firewall but the
firewall's routing has no idea how to send back the ttl expired or ping
reply. Same applies for the DMZ. In fact, if you've got a default route
set on the firewall, it'll be going that direction instead of where you
want.
Firewall1 wrote:
Hi Don
Normal route statements on the routers, nothing special.
On 10.10.0.1:
- 10.30.0.0/16 [1/0] via 10.10.0.2
On 10.10.0.2:
- 10.30.0.0/16 [1/0] via 10.20.0.254
Doing a traceroute to an ip in the dmz from 10.10.0.1 or anything behind it
will
only get as far as 10.10.0.2 and then time out.
Any ideas?
-----Original Message-----
From: Don [mailto:[email protected]]
Sent: 20 May 2002 07:59
To: [email protected]
Subject: Re: [FW-1] Routing Question
Trying to access the DMZ, or even the FW's internal NIC from a second site
behind a second router fails on the local router's
serial link. Now that I've confused everyone, let me try an example:
- Router1 has an ISDN link on s0 (10.10.0.1) to Router2 on s0 (10.10.0.2)
- Router2 has an ethernet port leading to a LAN (10.20.0.1)
- The firewall's internal ip is 10.20.0.254
- The firewall's DMZ ip is 10.30.0.254
Routes are added on both routers to get to the DMZ, and it works fine on
the
10.20.0.0 network, but trying to get to the FW's internal
ip or the DMZ from either 10.10.0.1 or anything behind it only gets as far
as 10.10.0.2.
What are the route statements you have added to the routers?
How do you know traffic is only reaching 10.10.0.2?
-Don
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
