[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Routing Question
No ICMP, but I'm logging it, so I would see it being dropped. The problem was incorrect definitions in the spoofing settings for that interface, and it wasn't logging for some reason. Also a good illustration of the fact that regardless what your rulebase says, if the spoofing isn't defined properly then you won't get anywhere. Suppose I should have checked that first after the upgrade...*blush* Anyway, thanks for all the feedback. Cheers -----Original Message----- From: Don [mailto:[email protected]] Sent: 21 May 2002 02:41 To: [email protected] Subject: Re: [FW-1] Routing Question > Normal route statements on the routers, nothing special. > > On 10.10.0.1: > - 10.30.0.0/16 [1/0] via 10.10.0.2 > > On 10.10.0.2: > - 10.30.0.0/16 [1/0] via 10.20.0.254 > > Doing a traceroute to an ip in the dmz from 10.10.0.1 or anything behind it > will > only get as far as 10.10.0.2 and then time out. Does your rule set allow ICMP to the firewall and to systems behind it? What exactly does your rule set say? -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ---------------------------------------------------------------------------- -- Warning : The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this message and then delete it from your computer. All e-mail sent to this address will be received by the Providian Financial corporate e-mail system and is subject to archiving and review by someone other than the recipient. ============================================================================ == ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|