Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] IPSO Default Gateway Problem

To: [email protected]
Subject: [FW-1] IPSO Default Gateway Problem
From: Darren Lewis <[email protected]>
Date: Wed, 12 Jun 2002 19:21:27 +0100
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi

I have a very strange problem where if I put the default gateway in the
same subnet as any one of the three interfaces on my Nokia IP330 (i.e. how
you would want it!), the firewall grinds to a halt for about 20-30 seconds
when doing some network operations.  I have noticed this when telnetting in
to the firewall, or doing a ping from within a serial console.  The telnet
session does nothing for a while and the ping just sits there, and then
after a while both just kick into life, as if everything is completely
normal.  If I remove the default gateway, everything works OK.  If I
disconnect the network cable from the interface connected to the default
gateway, the ping or telnet carries on without the normal 20-30 second
delay.  If I move the default gateway to a different interface the
behaviour remains, but the cable that I can disconnect to get the telnet of
ping going again changes accordingly.  This affects all pings and telnets,
not just those in/out of the interface with the 'problem'.  The box is a
clean install of Nokia IPSO 3.4.1-FCS11.  It doesn't make any difference
whether FW1 is running or not.  Any ideas at all?  This has to be one of
the more bizarre problems I have seen.

By the way, for those interested in a previous post where I managed to
corrupt the boot manager (by not doing an md5 on the image - idiot), I
managed to repair it.  I connected the knackered HDD as a slave on a second
IP330, and did a manual 'dd' from the master to the slave starting at
sector 63.  I was going to do it in FreeBSD, but doing it in IPSO seemed a
safer option.

If anyone has any ideas about the gateway thing, I'd love to hear from you.

Cheers

Darren Lewis

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] IPSO Default Gateway Problem
  - From: Anthony Mendoza <[email protected]>
- Re: [FW-1] IPSO Default Gateway Problem
  - From: BillO <[email protected]>

Prev by Date: Re: [FW-1] "Accept ICMP"
Next by Date: Re: [FW-1] IPSO Default Gateway Problem
Previous by thread: [FW-1] Solaris 2.6 will not be supported on VPN-1/FireWall-1 4.1 SP6 and beyond
Next by thread: Re: [FW-1] IPSO Default Gateway Problem
Index(es):
- Date
- Thread