| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] NAT Problem in CP-Firewall
Hi Guys,
I tried to do that, but how can I get the mac address of the interface ?? I
tried "ifconfig -a" but all the interfaces has the same mac address and I
have 9 interfaces on my Sun.
Regards,
Omar Pinheiro
Departamento de Sistemas
Telebahia Celular
Tel: (71) - 9980-2536
Fax (71) - 387-7502
Dan Hitchcock <[email protected]>
Enviado Por: Para: "'Jey Baskar'" <[email protected]>, [email protected],
[email protected] [email protected], [email protected]
kpoint.com cc:
Assunto: RE: [FW1] NAT Problem in CP-Firewall
15/01/2001 13:20
I don't see any reference to which platform you're running your firewall
on,
but here's the answer for both:
Solaris: You need to publish the ARP entry. Add "pub" (no quotes) to the
end of the line shown in #1 below.
NT: NT cannot proxy arp natively. You must add an entry to the local.arp
file on your firewall. See www.phoneboy.com/fw1/faq/0008.html for details.
HTH -
Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders
-----Original Message-----
From: Jey Baskar [mailto:[email protected]]
Sent: Monday, January 15, 2001 7:28 AM
To: [email protected]; [email protected];
[email protected]
Subject: RE: [FW1] NAT Problem in CP-Firewall
I did follow the suggestion of adding the arp entry and the route but I
am
still struck up the same problem.
After adding the following entries
1. arp -s 205.148.243.3 <mac address of the external firewall>
2. route add 205.148.243.3 10.1.3.5
it doesn't seems working. I also added the next hop inside the firewall too
!!
Thanks for your time and suggestion
Jey!
>>> Mustetab Ali Khan <[email protected]> 01/14/01 10:08AM >>>
Dear BASKAR,
You also need to add an arp entry for the natted address ...
arp - 205.148.243.3 <mac address of the firewall external card>
in addition u need to add a route as follows
route add 205.148.243.3 <10.x.x.x> ip of the firewall internal card
-Mustetab
Network Security Engineer
HCL Comnet Systems & Services
-----Original Message-----
From: ITN (Bipin Mehta)
To: 'Jey Baskar'; [email protected]
Sent: 01/14/2001 6:25 PM
Subject: RE: [FW1] NAT Problem in CP-Firewall
You need to add a static route on your firewall for the translated
address (205.148.243.3)to the next hop inside the firewall or to the
internal ethernet port because before translation the firewall does
internal routing.
-----Original Message-----
From: Jey Baskar [ mailto:[email protected] <mailto:[email protected]>
]
Sent: Saturday, January 13, 2001 1:02 AM
To: [email protected]
Subject: [FW1] NAT Problem in CP-Firewall
Hello,
We have installed Checkpoint Firewall-1 in our environment. I am facing
a problem of unable to PING to the NATted address.
10.1.3.15 205.148.243.2 205.148.243.1
HOSTA ------- FIREWALL -------- ROUTER ---------- INTERNET
I have a hostA 10.1.3.15 which is on the internal network. It can ping
to the Firewall [205.148.243.2] and to the router [205.148.243.1]
without any problems.
On the Firewall I have static Address Translation for the 10.1.3.15 and
set it as 205.148.243.3
The problem is I can PING to the firewall [205.148.243.2] successfully
from the internal and external network but CANNOT ping to the static
address [205.148.243.3] either from the internal nor from the external
network. Even from the Firewall server, I CANNOT ping to the NATed
address [205.148.243.3]
I have set the NAT and rules properly.
Any help to fix this problem will be greatly appreciated!
Thanks
Jey
========================================================================
========
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
<http://www.checkpoint.com/services/mailing.html>
========================================================================
========
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
