[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Antwort: Re: [FW-1] traceroute
Hi, I think in 4.1 you have to create a rule for the way back (src="Firewall" dst="my wrst" service="any or ICMP ...") becaus in 4.1 ICMP is not handled stateful (as far as I know, in NG it is). Best regards Marcus An: [email protected] Kopie: Thema: Re: [FW-1] traceroute [email protected] om Received : 11.06.2002 12:26 Bitte antworten an Mailing list for discussion of Firewall-1 On Mon, Jun 10, 2002 at 08:56:43AM -0500, Mehta, Phoram wrote: > Date: Mon, 10 Jun 2002 08:56:43 -0500 > Reply-To: Mailing list for discussion of Firewall-1 > <[email protected]> > From: "Mehta, Phoram" <[email protected]> > Subject: Re: [FW-1] traceroute > To: [email protected] > > Add a rule before your stealth rule to reply service="traceroute" src="your > wkst" dst="FW-1" > Hello Thank you for replying ;-) That is not the problem. My administration Linux Box is allowed to do anything in the first rule. (src="my wrst" dst="any" service="any") The firewall still does not send back traceroute answers. regards > -----Original Message----- > From: Hans-Joachim Hoetger [mailto:[email protected]] > Sent: Monday, June 10, 2002 8:10 AM > To: [email protected] > Subject: [FW-1] traceroute > > > Hello > I can not get traceroute through our FW1 V4.1 on Solaris. > The weird is, that the traceroute sometimes works. Then > without any changes, it fails. If i issue a traceroute from > my workstation on the clean side to a host on the internet > side it looks like this: > > me@work ~$ traceroute www.heise.de > 1 switch1.inside (bla.bla.bla.bla) > 2 * * * > 3 router1.outside (a.b.c.d) > 4 router2.outside (a.b.e.f) > 5 and so on > > Step 2 is the firewall. How can i tell the firewall to > answer? > regards > -- > Hans-Joachim Hoetger voice: +49-5246-80-1555 > mediaWays GmbH fax: +49-5246-80-2555 > I used to have a sig, but I've stopped smoking now. > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= -- Hans-Joachim Hoetger voice: +49-5246-80-1555 mediaWays GmbH fax: +49-5246-80-2555 PGP: BA D3 11 1A 40 EB 29 35 D9 E2 84 5F 13 55 1E D3 07 6E D9 77 ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|