Re: [FW-1] NAT rules not working under FP3 - further info



Damo,
- Do you see any traffic if you generate some ON the firewall?
- "fw ctl iflist"  - Does this command show all interfaces correctly?

Lars

> -----Original Message-----
> From: Damien Hart [mailto:[email protected]]
> Sent: Wednesday, October 23, 2002 06:24
> To: [email protected]
> Subject: Re: [FW-1] NAT rules not working under FP3 - further info
>
>
> More info to add to the confusion...
>
> Telnet doesn't work either.  A sniff outside the firewall does not see ANY
> traffic from the firewall at all.  Trying the same tests with a rulebase
> with a single "any any any accept" rule is no different so it doesn't appear
> to be related to the rules either.  It seems like it should be a routing
> issue but I can't see how it can be...
>
> Help please.....
>
> Damo
>
>
> > Hi again all,
> >
> > After completely rebuilding my SecurePlatform FP3 and rulebase to fix my
> > authentication problems (it DID fix them by the way) I have just gone to
> > test traffic directly passing through the firewall and it appears to not be
> > working if there is a NAT involved.
> >
> > For web browsing I access a proxy server on my DMZ without NAT and it
> > accesses the Internet without a NAT.  This works fine.  But when I try FTP
> > or NNTP to a host directly I see the entry in the log accepting the
> > connection, but the applications come back saying connection failed.  Just
> > like Mayooran I see the correct TX address in the log as well (my two
> > separate internal networks are both hiding behind the firewall's external
> > address) but nothing further. Strangely, a traceroute through the firewall
> > works as it should...
> >
> > I am fairly sure I have this set up exactly as I did in FP2 and it worked
> > fine there so is there something extra in FP3 that I need to do?  I would be
> > sooo happy to get everything to work on this platform at one time...........
> >
> > Routes are correct including default route on the firewall (otherwise the
> > web proxy wouldn't work either) and antispoofing is set up correctly with the
> > groups of networks on each interface assigned to that interface and the
> > external interface set to "external".  The access list on the external
> > router is not to blame either as I have tested with it removed.
> >
> > Does anyone have any ideas of other things I can check?  It seems to be a
> > most peculiar problem.
> >
> > thanks in advance,
> >
> > Damien
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> >
>
