NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Antwort: Re: [FW-1] traceroute



I am thinking you may just have a dns and timeout issue.  Try running the
traceroute without name resolution and maybe increase the timeouts.
----- Original Message -----
From: "Marcus Brosda" <[email protected]>
To: <[email protected]>
Sent: Wednesday, June 12, 2002 8:24 AM
Subject: [FW-1] Antwort: Re: [FW-1] traceroute


> Hi,
>
> I think in 4.1 you have to create a rule for the way back (src="Firewall"
> dst="my wrst" service="any or ICMP ...") becaus in 4.1 ICMP is not handled
> stateful (as far as I know, in NG it is).
>
> Best regards
> Marcus
>
>
>
>
>
>
>
>                                                                       An:
[email protected]
>
Kopie:
>
Thema:   Re: [FW-1] traceroute
>
>              [email protected]
>              om
>              Received :  11.06.2002 12:26
>              Bitte antworten an Mailing list for discussion
>              of Firewall-1
>
>
>
>
>
>
> On Mon, Jun 10, 2002 at 08:56:43AM -0500, Mehta, Phoram wrote:
> > Date:         Mon, 10 Jun 2002 08:56:43 -0500
> > Reply-To: Mailing list for discussion of Firewall-1
> >               <[email protected]>
> > From: "Mehta, Phoram" <[email protected]>
> > Subject:      Re: [FW-1] traceroute
> > To: [email protected]
> >
> > Add a rule before your stealth rule to reply service="traceroute"
src="your
> > wkst" dst="FW-1"
> >
> Hello
> Thank you for replying ;-)
> That is not the problem. My administration Linux Box is
> allowed to do anything in the first rule. (src="my wrst"
> dst="any" service="any") The firewall still does not send
> back traceroute answers.
> regards
>
>
>
> > -----Original Message-----
> > From: Hans-Joachim Hoetger [mailto:[email protected]]
> > Sent: Monday, June 10, 2002 8:10 AM
> > To: [email protected]
> > Subject: [FW-1] traceroute
> >
> >
> > Hello
> > I can not get traceroute through our FW1 V4.1 on Solaris.
> > The weird is, that the traceroute sometimes works. Then
> > without any changes, it fails. If i issue a traceroute from
> > my workstation on the clean side to a host on the internet
> > side it looks like this:
> >
> > me@work ~$ traceroute www.heise.de
> > 1  switch1.inside (bla.bla.bla.bla)
> > 2  * * *
> > 3  router1.outside (a.b.c.d)
> > 4  router2.outside (a.b.e.f)
> > 5  and so on
> >
> > Step 2 is the firewall. How can i tell the firewall to
> > answer?
> > regards
> > --
> > Hans-Joachim Hoetger                      voice: +49-5246-80-1555
> > mediaWays GmbH                            fax:   +49-5246-80-2555
> >           I used to have a sig, but I've stopped smoking now.
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
>
> --
> Hans-Joachim Hoetger                      voice: +49-5246-80-1555
> mediaWays GmbH                            fax:   +49-5246-80-2555
> PGP: BA D3 11 1A 40 EB 29 35 D9 E2  84 5F 13 55 1E D3 07 6E D9 77
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.