[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] local.arp changes still not picked up
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Make sure the format is: a.b.c.d xx-xx-xx-xx-xx-xx It is important to use a tab character, and a dash in the MAC address a la NT. The proxy.arp file on my main firewall contains on over 200 entries on five different interfaces, and I've done it on 5 firewalls now without a problem. Make sure you have the MAC address that matches the interface / IP address. This can be very confusing on WinNT. e.g. the 'route print' command prints the interfaces in reverse order to the network control panel, and uses the loopback as IF 1. Kind Regards, Craig Little BSc, CPD, CPI, SCJP, CCSA, CCSE Inter-Networking / Security Consultant Shell Services International Phone: +64 4 462 4661 Fax: +64 4 463 4060 Mobile: +64 21 37 5858 PGP Fingerprint F3CE 6EB2 6B1A 10EA E355 A157 8012 D53A 6AE5 962F mailto:[email protected] http://www.shellservices.com By default attachments are compressed in WinZip format. If you cannot read them, please contact you Help Desk to have the WinZip utility installed. WinZip can be downloaded for free at http://www.winzip.com. This e-mail message and attachments are confidential between the intended parties and may be subject to legal privilege. If you have received this e-mail in error, please advise the sender immediately and destroy the message and any attachments. If you are not the intended recipient you are notified that any use, distribution, amendment, copying or any action taken or omitted to be taken in reliance of this message or attachments is prohibited. - -----Original Message----- From: Bill McCabe [mailto:[email protected]] Sent: Thursday, 7 September 2000 2:54 p.m. To: [email protected] Subject: [FW1] local.arp changes still not picked up Sadly, the new proxy ARP entries still didn't take after a fwstop/start, and even a reboot. The old one still works fine. The network objects and rules are patterned identically to the working one, which was set up according to the instructions in the Phoneboy FAQ. I clearly must be missing something, unless it has to do with the limitations of Windows NT 4.0 Workstation, or the fact that the internal NIC is Token Ring. Any suggestions or leads would be greatly appreciated. Bill At 1:16 PM -0400 9/6/00, Bill McCabe wrote: >Thanks for all the replies. I will bounce the firewall when I get >the green light from above. I couldn't remember whether I had >restarted the FW service last June when I added the prior static >mapping. Since the Phoneboy FAQ says: > > >>In Windows NT, the 'arp' command will not function in this manner. >>Version 2.1c and later of FireWall-1 will do the proxy arps for >>you. You must create a file called %SystemRoot%\fw\state\local.arp >>(case matters!), which is formated as follows: >> >>translated_ip_address mac_address >> >>In the example above, this file would contain: >> >>206.99.98.50 08-00-20-76-ea-77 >> >>Once you've set this file up, you will need to re-install the >>current rulebase. > > >I was hesitant to restart it for no reason. I naturally assumed I >had made an error somewhere. > > >Bill > > > > >===================================================================== >========== = > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html >===================================================================== >========== = ====================================================================== ========== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBObZx+4AS1Tpq5ZYvEQIWDgCdHrwu2DqMakmn63G8UFpzDtzCcuEAoIpP AqRNFE9+nQ6Soe9uWSnsKOWQ =XDvD -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|