Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] routing problem

To: "Firewall (E-mail)" <[email protected]>, "Firewall_Mailing_List (E-mail)" <[email protected]>
Subject: [FW1] routing problem
From: Idan Dolev <[email protected]>
Date: Sun, 20 May 2001 17:07:19 +0300
Sender: [email protected]

Guys,

I have firewall 4.1 SP3 on NT 4.0 SP6.

the site config is as follow:

internet
   |
   |
   |
firewall
   |
   |	SITE A
--------------
    |	|
client   router A----------------------------router B
				   |	
				   |	SITE B
			---------------------------	
				|
				client

in words...2 Lan's are connected using Cisco routers. site is
192.168.0.0/24 and site b is 192.168.1.0/24
the firewall has rule base which allows everything from site A to site B.
Site B is able to serf the internet going throw the firewall.
Router B default gw is router A, router A default gw is the firewall plus a
route indicating that if you want to reach 192.168.1.0 you should go throw
routers B.
On the firewall there is a static route indicating that if you want to reach
192.168.1.0 you should go throw router A.
If I ping site B from site A everything works like a charm.
If I try to ping from site B to A, I do not get any answer.
If I insert manually  on one of the stations in site A a route indicating
that if you want to reach 192.168.1.0 you should go throw router A, and than
ping from B to A, it works......
So to conclude.

A ping is sent from site B to A, reaches his destination ( since it is its
only route to the world ), the machine from site A asks the default gw
(which is the fw ) which where to go, the firewall either 

does not give the correct ICMP REPLY

the station does not know how to handle the ICMP REPLY.

now I checked this config with various clients since I know win9x does not
know how to handle ICMP redirect so assume I am using win2K as clients.

I then disabled in my firewall using a registry key the entry for ICMP
redirect which means that he would not send it any more, and still it does
not work.

so the routing is good since SITE B goes the internet throw the firewall so
where is the problem ?


Idan






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Active connections
Next by Date: [FW1] cleared CCSE !!
Previous by thread: [FW1] Re: What to Study?
Next by thread: RE: [FW1] routing problem
Index(es):
- Date
- Thread