[FW-1] Traffic between subnets - problem
Greetings all,

I have a situation that my limited FW-1 knowledge can't seem to solve.. hopefully someone can help point me in the right direction.

The situation:

* FW-1 4.1 running under Solaris 7 on a Sparc 5
* 3 interfaces:

    hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 66.92.222.34 netmask ffffffe0 broadcast 66.92.222.63
    le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 192.168.10.254 netmask ffffff00 broadcast 192.168.10.255
    le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 172.16.1.1 netmask ffff0000 broadcast 172.16.255.255

The problem:

The Windows boxes need to be able to access the internet, and I'm trying to get them to be able to access machines in the DMZ w/o interruption. However, I'm unable to do so. When I SSH from a Windows box to a box in the DMZ, it appears as if the connection is coming from the Hide NAT IP address. If I remove the Hide NAT IP (I used the FW-1 box IP as the "Hide" IP) then the boxes on the 172 side cannot access the internet at all.

SSH isn't the only thing affected. FTP is broken as well. Everything else seems to be working ok, and all traffic from the outside is still working fine.

I've tried:

    int -> dmz -> any (which is what I have now, but this problem is still occurring)
    int -> (specific machines) -> any
    int -> (negate) dmz -> any

I've tried removing the "Hide" IP in the NAT configuration. Basically, I've tried quite a few things and none of them have worked. I've checked Google, and both of the FW-1 books that I have.

I guess I'm just confused as to why traffic seems to be trying to go out from the FW-1 box's public interface and back in again. Can anybody provide any clues as to what I have done wrong here?

Thanks in advance..

Jonathan
[email protected]