[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] Traffic between subnets - problem
- To: [email protected]
- Subject: [FW-1] Traffic between subnets - problem
- From: Jonathan Nichols <[email protected]>
- Date: Thu, 3 Jul 2003 09:55:19 -0700
- Organization: pbp.net
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
Greetings all,
I have a situation that my limited FW-1 knowledge can't seem to solve..
hopefully someone can help point me in the right direction.
The situation:
* FW-1 4.1 running under Solaris 7 on a Sparc 5
* 3 interfaces:
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 66.92.222.34 netmask ffffffe0 broadcast 66.92.222.63
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.254 netmask ffffff00 broadcast 192.168.10.255
le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.1 netmask ffff0000 broadcast 172.16.255.255
The 192.168.10 net is the DMZ. (dmz)
The 172.16.1 net is the internal network. (int) On the internal network,
there are 5 things: 1 Windows 2000 Server, 3 Windows XP workstations,
and 1 VoIP phone.
The problem:
The Windows boxes need to be able to access the internet, and I'm trying
to get them to be able to access machines in the DMZ w/o interruption.
However, I'm unable to do so.
When I SSH from a Windows box to a box in the DMZ, it appears as if the
connection is coming from the Hide NAT IP address. If I remove the Hide
NAT IP (I used the FW-1 box IP as the "Hide" IP) then the boxes on the
172 side cannot access the internet at all. SSH isn't the only thing
affected. FTP is broken as well. Everything else seems to be working ok,
and all traffic from the outside is still working fine.
I've tried:
int -> dmz -> any (which is what I have now, but this problem is still
occuring)
int -> (specific machines) -> any
int -> (negate) dmz -> any
I've tried removing the "Hide" IP in the NAT configuration.
Basically, I've tried quite a few things and none of them have worked.
I've checked Google, and both of the FW-1 books that I have. I guess I'm
just confused as to why traffic seems to be trying to go out from the
FW-1 box's public interface and back in again.
Can anybody provide any clues as to what I have done wrong here?
Thanks in advance..
Jonathan
[email protected]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
