[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Antwort: Re: [FW-1] traceroute
I am thinking you may just have a dns and timeout issue. Try running the traceroute without name resolution and maybe increase the timeouts. ----- Original Message ----- From: "Marcus Brosda" <[email protected]> To: <[email protected]> Sent: Wednesday, June 12, 2002 8:24 AM Subject: [FW-1] Antwort: Re: [FW-1] traceroute > Hi, > > I think in 4.1 you have to create a rule for the way back (src="Firewall" > dst="my wrst" service="any or ICMP ...") becaus in 4.1 ICMP is not handled > stateful (as far as I know, in NG it is). > > Best regards > Marcus > > > > > > > > An: [email protected] > Kopie: > Thema: Re: [FW-1] traceroute > > [email protected] > om > Received : 11.06.2002 12:26 > Bitte antworten an Mailing list for discussion > of Firewall-1 > > > > > > > On Mon, Jun 10, 2002 at 08:56:43AM -0500, Mehta, Phoram wrote: > > Date: Mon, 10 Jun 2002 08:56:43 -0500 > > Reply-To: Mailing list for discussion of Firewall-1 > > <[email protected]> > > From: "Mehta, Phoram" <[email protected]> > > Subject: Re: [FW-1] traceroute > > To: [email protected] > > > > Add a rule before your stealth rule to reply service="traceroute" src="your > > wkst" dst="FW-1" > > > Hello > Thank you for replying ;-) > That is not the problem. My administration Linux Box is > allowed to do anything in the first rule. (src="my wrst" > dst="any" service="any") The firewall still does not send > back traceroute answers. > regards > > > > > -----Original Message----- > > From: Hans-Joachim Hoetger [mailto:[email protected]] > > Sent: Monday, June 10, 2002 8:10 AM > > To: [email protected] > > Subject: [FW-1] traceroute > > > > > > Hello > > I can not get traceroute through our FW1 V4.1 on Solaris. > > The weird is, that the traceroute sometimes works. Then > > without any changes, it fails. If i issue a traceroute from > > my workstation on the clean side to a host on the internet > > side it looks like this: > > > > me@work ~$ traceroute www.heise.de > > 1 switch1.inside (bla.bla.bla.bla) > > 2 * * * > > 3 router1.outside (a.b.c.d) > > 4 router2.outside (a.b.e.f) > > 5 and so on > > > > Step 2 is the firewall. How can i tell the firewall to > > answer? > > regards > > -- > > Hans-Joachim Hoetger voice: +49-5246-80-1555 > > mediaWays GmbH fax: +49-5246-80-2555 > > I used to have a sig, but I've stopped smoking now. > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > -- > Hans-Joachim Hoetger voice: +49-5246-80-1555 > mediaWays GmbH fax: +49-5246-80-2555 > PGP: BA D3 11 1A 40 EB 29 35 D9 E2 84 5F 13 55 1E D3 07 6E D9 77 > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|