Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server



To my knowledge Proxy ARP does not work in Windows NT or Win2K.  You need to
create a file c:\winnt\fw\state\local.arp and put your entries in it like
the following:

translated_ip_address    mac_address


Trent Libby

-----Original Message-----
From: William Wang [mailto:[email protected]]
Sent: Thursday, September 26, 2002 1:19 PM
To: [email protected]
Subject: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server

Yes, I did ARP from my FW-4.1 firewall, it's a Linux box. The command is
like this:

arp -s 209.10.25.23  00:AB:6D:C3:D7:2B pub

but I didn't find a "pub" option from my newly built Windows 2000 server NG
firewall box.

Thanks,
William

-----Original Message-----
From: Bill [mailto:[email protected]]
Sent: Thursday, September 26, 2002 1:46 PM
To: [email protected]
Subject: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server


I do not know how to do it myself, but the arp -s option sets a static arp
entry that the workstation will use when trying to connect to said ip
address.  You need to create an arp entry that is "published" so that the
workstation will proxy the request.
----- Original Message -----
From: "William Wang" <[email protected]>
To: <[email protected]>
Sent: Thursday, September 26, 2002 11:31 AM
Subject: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server


> Hi all,
>
> I want to set a NG (feature pack 2) testing firewall on Windows 2000
> server.
>
> I want to set up a Web server at my DMZ network side. Its IP address is
> 192.168.3.211. This IP is an invalid one. I want to give it a valid IP
> address.
>
> What I did is like this:
>
> 1.      From Policy Editor, Create a network object called Websrv,
>
> IP Address: 192.168.3.211
> Net Mask: 255.255.255.0
>
> NAT:  "Add Automatic: Address Translation rules"
>         Translation rules: static
> Network IP address: 209.10.25.23 (a valid IP address from external
> interface side).
> Install on gateway: All
>
> 2.      From firewall box(I put firewall module and management server onto
> the same box),  I run these commands:
>
> C:\> arp -s 209.10.25.23         00-AB-6D-C3-D7-2B
> C:\> route add 209.10.25.23     192.168.3.211 metric 1
>
> While 00-AB-6D-C3-D7-2B is the MAC Address of the external interface of
> my firewall Wall.
>
> 3.      I set up a rule:
> Any     Websrv  any     accept
>
> Now I suppose I can ping the Web server from a box at the external side
> (209.10.25.28), but I CAN NOT do it !!!
>
>
>
> The following is a simple diagram:
>
>
> ------------------------------------------------- External (209.10.25.0, I
> put a testing box, 209.10.25.28 here)
>                         |
>                         |
>
>                      Firewall box ------------- Internal (10.2.0.0)
>                         |
>                         |
> --------------------------------------------------- DMZ (192.168.3.0,
> where I put my Web server)
>
> Any idea about this?
>
> Thank you for your help in advance.
>
>
> William
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
