I am having an issue with Windows 2000 not forwarding packets between the
interfaces. I have tested everything else and it seems that it just won't
forward between the interfaces. I have turned on RRAS and enabled
forwarding. Any ideas on what else I can check??
-----Original Message-----
From: Brian Granier [mailto:[email protected]]
Sent: Friday, June 13, 2003 10:13 AM
To: [email protected]
I don't think it's necesarry to turn it on pre-install. The only reason
to do so prior to installation of Checkpoint would be to test the
ability to route through the box which essentially would test to ensure
all the interfaces are configured correctly and your static routes are
added properly and return route paths make it back to your Win2k system.
T. Brian Granier
GCIA, CCNA, CCSE, CHP, MCSE (NT4&W2K), MCP+I, N+, A+
Information Security Architect
Zebec Data Systems, Inc.
-----Original Message-----
From: Edwin Davidson [mailto:[email protected]]
Sent: Friday, June 13, 2003 8:38 AM
To: [email protected]
Subject: [FW-1] W2k and NT routing config
My Checkpoint NG install book states
on page 72 to enable IP forwarding
on NT. They make no mention of what
to do on W2k.
On W2k one can configure routing with a
registry hack:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter=1
or by configuring "routing and remote
access" service. (has problems?)
http://www.phoneboy.com/wizards/200211/msg00126.html
On newsgroup cp.products.firewall-1
I found: (might have to cut and paste parts of this)
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=PQug
skE%24BHA.226%40dogwood.us.checkpoint.com&rnum=7&prev=/group
s%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dw2k%2Brouting%2Bregi
stry%2Bhack%26sa%3DN%26tab%3Dwg
"You don't have to enable IP forwardnig. Checkpoint will do it for you.
The logic behind not enabling IP forwarding is if the Checkpoint
software crashes and IP forwarding is enabled, then the OS will forward
packets to your network making it vulnerable. Thats why its safer not to
enable ip forwarding and allow checkpoint to do it for you."
So I am ask the forumn, what do you do?
On W2k, do you configure Routing and Remote Access, or
do the IPEnableRouter registry hack, or do you leave
routing turned off?
Thanks.
http://www.primeinc.com
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please reply to the
sender of the message.
The views expressed in this correspondence may not
reflect the views of Prime, Inc.
This footnote also confirms that this email message has
been scanned for the presence of computer viruses.
**********************************************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================