[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Not able to ping from FW to either way
Hi Don, Many thanks for your efforts, actually the diagram is like this Host(172.16.1.134)----FW(172.16.1.1 & 206.234.243.19) | | | Router (206.234.243.1) | | Internet I am only trying to do static IP NAT for one host, rest all are on valid Internet IPs. My route print shows: Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 206.234.243.1 206.234.243.19 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.16.0.0 255.255.252.0 172.16.1.1 172.16.1.1 1 172.16.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1 172.16.255.255 255.255.255.255 172.16.1.1 172.16.1.1 1 206.234.243.0 255.255.255.0 206.234.243.19 206.234.243.19 1 206.234.243.19 255.255.255.255 127.0.0.1 127.0.0.1 1 206.234.243.134 255.255.255.255 172.16.1.134 172.16.1.1 1 206.234.243.255 255.255.255.255 206.234.243.19 206.234.243.19 1 224.0.0.0 224.0.0.0 172.16.1.1 172.16.1.1 1 224.0.0.0 224.0.0.0 206.234.243.19 206.234.243.19 1 255.255.255.255 255.255.255.255 172.16.1.1 172.16.1.1 1 I Kindly Guide, Thanks, Puneet -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Don Sent: Monday, January 14, 2002 4:44 PM To: [email protected] Subject: Re: [FW-1] Not able to ping from FW to either way > I am new to Checkpoint FW, so kindly bear with me and guide me urgently.. > Problem: > > 1) I have two ethernet cards on my FW machine.One with Valid Internet IP and > other LAN IP (192.168.1.1), I have all the real IPs in my network. > > ISP------------Router-------Hubs----------------(E0)--FW > machine--(E1)------------------------------HUB-----------------192.168.1.134 > | (Valid IP-206.x.y.z, > (LAN IP-192.168.1.1 > | > 255.255.255.0) ,255.255.255.0) > | > | > | > Workstations(with Valid IPs) > > I am not able to ping from 192.168.1.1 to 192.168.1.134 and vice > versa?? Cards are responding to self ping i.e. if I ping 192.168.1.1or > 192.168.1.134 from the same > machine, I get replies from the ehernet cards !! What is your firewall rulset? Unless you have explicitly allowed ICMP to and from the firewall, all such traffic will be dropped. > 2) I am also not able to ping my router's valid Internet IP from my > FW's valid Internet IP although I have added the routes. I want to do > Static NAT, I did all the steps, but when I am not able to ping the two > machines, I guess NATing won't work. Your network diagram is, to say the least, confusing. Does it look something like this: Host -- Firewall -- Router -- Internet Host IP: 192.168.1.1.34 Firewall Internal: 192.168.1.1 Firewall External: 206.2.3.2/24 (Just an example) Router Internal: 206.2.3.1/24 (Just an example) Router external: a.b.c.d/30 The router should have a default route through its serial interface. The firewall should have a default route through 206.2.3.1. The hosts on the internal network should have a default route through 192.168.1.1. You should be running hide-mode NAT on the the firewall for the internal network. Unless you have a specific rule on your firewall, you will not be able to ping to or from the firewall while it is running. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|