[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] ICMP redirect!

To: [email protected]
Subject: Re: [FW-1] ICMP redirect!
From: Crist Clark <[email protected]>
Date: Mon, 18 Nov 2002 10:56:04 -0800
Organization: Globalstar Communications
References: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Anthony wrote:
>
> Thanks!
>
> Is there another method to enable it?
>
> Internet----- Checkpoint FW FP3 ------Network A
>                                                 |
>                                                 |-Router B--Network B
>                                                 |
>                                                 |-Router C--Network C

Looks like some severe tab-damage or the like going on here.

> This is my network diagram. All PC's  Default Gateway in Network A are point
> to FW. But I found that FW will not redirect traffic to Router B&C when I
> ping Network B&C.
>
> I want all internal networks can communicate sucessful.
> Note. I cannot configure the Router B&C (Admin by Headquarter).

This isn't really the firewall's job, it is the job of the routing software
in the underlying OS's IP stack. All FW-1 should or should not be doing is
intercepting the ICMP messages on the way out.

You never said what OS you are using. If it is Solaris, make sure,

  # ndd /dev/ip ip_send_redirects

Is set to one and your rules allow the redirects out.
--
Crist J. Clark                               [email protected]
Globalstar CommunicationsThe information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited.  If you have
received this e-mail in error, please contact [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] ICMP redirect!
  - From: Anthony <[email protected]>

Prev by Date: [FW-1] Checkpoint/Nokia developing a Intel OS?
Next by Date: Re: [FW-1] Checkpoint/Nokia developing a Intel OS?
Prev by thread: Re: [FW-1] ICMP redirect!
Next by thread: Re: [FW-1] ICMP redirect!
Index(es):
- Date
- Thread