
Re: [FW-1] Packet out of state from second level inside network



I think that routing is done correctly.
Router is aware of directly connected LANs (LAN and LAN2) and it has a default route to CPFW.
CPFW has a default route to the external interface and a static route to LAN2.

The logic is that if a packet for LAN2 coming from LAN hits CPFW (because the default gateway of the network devices in LAN is pointed to CPFW) it is sent to the router, which is aware of LAN2. But the problem is that this packet is first picked up by CPFW, checked against rules, NAT-ed, routed and then dropped (don't know why) by CPFW. This explains why I have NAT and classical rules for LAN2.

Are you saying that I should reverse the logic and change the default gateway in every network device in LAN (from CPFW to the router)?

by
 Metod


>>> Dale Wilson <[email protected]> 11.6.2002 18:13:59 >>>
Firstly, if you've got the routing right you don't need any firewall rules
(NAT or security) for connections between LAN and LAN2. Is the problem only
occurring for communications between LAN and LAN2 (i.e. can LAN and LAN2
talk to the Internet without a problem)? You may find that traffic from LAN
to LAN2 is routed through CP first and traffic from LAN2 via router is not.
Check that LAN routes to LAN2 directly through router and not CP, and that
router does not route traffic from LAN2 to LAN via CP.

At 17:40 10/06/2002 +0200, you wrote:
>Hi,
>
>  I'm dealing with a problem: how to pass packets through from a second level network.
>
>Running CP FW-1 NG (BTW: the same problem occurs on CP FW1 4.1) with two NICs.
>Everything works fine until I have connected another network behind the FW.
>Something like ...
>
>
>          (Internet)------(CP FW1 NG)-------(LAN)------(router)-------(LAN2)
>
>
>FW-1 is running hiding NAT for LAN and some static NAT for internet
>services like WEB, FTP etc.
>
>I have added hiding NAT for LAN2 to access the internet.
>Added a route to LAN2 so FW-1 is aware of LAN2 (the router between the LANs is doing
>classical IP routing).
>Added NAT rules for communication between LAN and LAN2, as they need no
>NAT to communicate.
>Added access rules for LAN2 to access LAN and the internet.
>
>Everything looks set up perfectly, then we get to the problem. All packets I
>get from LAN to are reported out of state.
>The message is the following:
>th_flags ## message_info TCP packet out of state
>
>For the record: I can ping devices in LAN2 from CP FW1.
>
>Does anyone have any idea? I've lost a lot of time on that and I have run out
>of ideas. :-(
>
>Best regards
>
>  Metod
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
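The failure mode the thread is circling around, as an added example that is not from the thread, from Check Point, or from either poster: a toy stateful inspector plus a hop-by-hop routing walk over the posted topology. The 10.1.0.0/24 (LAN) and 10.2.0.0/24 (LAN2) addresses and the node names are constructed assumptions. Scenario one reproduces Metod's setup (LAN hosts default-route to CPFW, router directly attached to both LANs): the SYN passes through the firewall, the SYN/ACK returns via the router and bypasses it, and the client's ACK then arrives at the firewall as out of state. Scenario two applies Dale's suggestion (LAN routes LAN2 via the router directly) and the firewall never sees the flow at all.

```python
"""Toy model of why asymmetric routing produces 'TCP packet out of state'
on a stateful firewall. Topology as posted in the thread; the addresses
below are constructed for the example and are not in the original post:

    (Internet)---(CPFW)---(LAN 10.1.0.0/24)---(router)---(LAN2 10.2.0.0/24)
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed addresses (assumption, not from the post)
LAN_HOST = "10.1.0.10"
LAN2_HOST = "10.2.0.10"

# Which simulated node owns each address
OWNER = {LAN_HOST: "lan_host", LAN2_HOST: "lan2_host"}


def network_of(ip: str) -> str:
    """/24 network key for an address, e.g. '10.1.0.10' -> '10.1.0'."""
    return ip.rsplit(".", 1)[0]


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


class StatefulFirewall:
    """Minimal stateful inspector. A TCP segment passes only if it is the
    next expected step of a handshake the firewall itself observed; anything
    else is logged as out of state, which is the message in the thread."""

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int, str, int], str] = {}
        self.log: List[str] = []

    def inspect(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        state_fwd = self.table.get(fwd)
        state_rev = self.table.get(rev)
        if p.flags == "S" and state_fwd is None:
            self.table[fwd] = "SYN_SENT"       # client's SYN seen
            return True
        if p.flags == "SA" and state_rev == "SYN_SENT":
            self.table[rev] = "SYN_RECV"       # server's SYN/ACK seen
            return True
        if p.flags == "A" and state_fwd == "SYN_RECV":
            self.table[fwd] = "ESTABLISHED"    # handshake completed in view
            return True
        if p.flags == "A" and "ESTABLISHED" in (state_fwd, state_rev):
            return True                        # traffic on an open flow
        self.log.append(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} "
                        f"[{p.flags}] TCP packet out of state")
        return False


# Routing tables: node -> {network or 'default': next node}. 'direct' means
# the network is attached, so the packet goes straight to the owning host.
Routes = Dict[str, Dict[str, str]]

FW_ROUTES = {"10.1.0": "direct", "10.2.0": "router", "default": "internet"}
ROUTER_ROUTES = {"10.1.0": "direct", "10.2.0": "direct", "default": "fw"}
LAN2_HOST_ROUTES = {"10.2.0": "direct", "default": "router"}


def deliver(p: Packet, routes: Routes, fw: StatefulFirewall) -> Optional[List[str]]:
    """Forward p hop by hop. Returns the path taken, or None if the firewall dropped it."""
    node = OWNER[p.src]
    path = [node]
    net = network_of(p.dst)
    while node != OWNER[p.dst]:
        table = routes[node]
        nxt = table.get(net, table["default"])
        node = OWNER[p.dst] if nxt == "direct" else nxt
        if node == "fw" and not fw.inspect(p):
            return None
        path.append(node)
    return path


def simulate(lan_host_routes: Dict[str, str]) -> Dict[str, object]:
    """Run a LAN -> LAN2 TCP handshake and report what the firewall saw and did."""
    routes: Routes = {"lan_host": lan_host_routes, "fw": FW_ROUTES,
                      "router": ROUTER_ROUTES, "lan2_host": LAN2_HOST_ROUTES}
    fw = StatefulFirewall()
    handshake = [Packet(LAN_HOST, LAN2_HOST, 40000, 80, "S"),
                 Packet(LAN2_HOST, LAN_HOST, 80, 40000, "SA"),
                 Packet(LAN_HOST, LAN2_HOST, 40000, 80, "A")]
    paths: List[Optional[List[str]]] = []
    for p in handshake:
        path = deliver(p, routes, fw)
        paths.append(path)
        if path is None:           # client stops once its ACK is dropped
            break
    return {"paths": paths, "fw_log": fw.log, "fw_table": dict(fw.table)}


# Scenario 1: the thread's configuration. LAN hosts default-route to CPFW,
# so the SYN crosses the firewall, but the router hands the SYN/ACK straight
# back to the LAN host. The firewall then sees an ACK for a half-seen handshake.
ASYMMETRIC = {"10.1.0": "direct", "default": "fw"}

# Scenario 2: Dale's suggestion. LAN hosts send LAN2 traffic to the router
# directly; the firewall never sees the flow and keeps no state for it.
SYMMETRIC = {"10.1.0": "direct", "10.2.0": "router", "default": "fw"}

if __name__ == "__main__":
    for name, lan_routes in (("asymmetric", ASYMMETRIC), ("symmetric", SYMMETRIC)):
        result = simulate(lan_routes)
        print(name, result["paths"], result["fw_log"])
```

The model deliberately leaves out NAT: as Dale says, once LAN reaches LAN2 through the router the firewall is not on the path, so neither NAT nor security rules for that pair come into play, and the only thing left to check is that no return path (from either LAN) still detours through CPFW.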

