NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] IPSO Default Gateway Problem

Check to make sure DNS resolution works correctly...I've seen the ping
problem on linux boxes where dns wasn't configured...had to do with the
program trying to look up the name...  perhaps look at running ping with
a flag that skips dns lookups..unsure of what to do with telnet, but to
make sure where you are telnetting to / from has proper dns resolution...

Darren Lewis wrote:
Hi

I have a very strange problem where if I put the default gateway in the
same subnet as any one of the three interfaces on my Nokia IP330 (i.e. how
you would want it!), the firewall grinds to a halt for about 20-30 seconds
when doing some network operations.  I have noticed this when telnetting in
to the firewall, or doing a ping from within a serial console.  The telnet
session does nothing for a while and the ping just sits there, and then
after a while both just kick into life, as if everything is completely
normal.  If I remove the default gateway, everything works OK.  If I
disconnect the network cable from the interface connected to the default
gateway, the ping or telnet carries on without the normal 20-30 second
delay.  If I move the default gateway to a different interface the
behaviour remains, but the cable that I can disconnect to get the telnet of
ping going again changes accordingly.  This affects all pings and telnets,
not just those in/out of the interface with the 'problem'.  The box is a
clean install of Nokia IPSO 3.4.1-FCS11.  It doesn't make any difference
whether FW1 is running or not.  Any ideas at all?  This has to be one of
the more bizarre problems I have seen.

By the way, for those interested in a previous post where I managed to
corrupt the boot manager (by not doing an md5 on the image - idiot), I
managed to repair it.  I connected the knackered HDD as a slave on a second
IP330, and did a manual 'dd' from the master to the slave starting at
sector 63.  I was going to do it in FreeBSD, but doing it in IPSO seemed a
safer option.

If anyone has any ideas about the gateway thing, I'd love to hear from you.

Cheers

Darren Lewis

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




--
Anthony Mendoza
IT & Customer Support
[email protected]
t:/ c:p:/ f:

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.