[FW-1] Multi-layered Firewall - Question
Topology:

Edge FW:
- ext IP: x.x.x.x
- int IP: 192.168.0.1

Internal FW:
- ext IP: 192.168.0.4
- int IP: 192.168.1.1

Client IP behind internal FW: 192.168.1.2

**************************************************

"Ping", "tracert", and "nslookup" work fine from the internal firewall.

"nslookup" works fine from internal clients. I am using edge firewall's internal interface as DNS server for clients behind internal firewall.

"ping" works fine to internal interface of edge FW and to external interface of internal FW.

I can't ping internet (network outside the edge FW) from internal client... see sniffer trace.

a. trace on external interface of internal FW:

    #ping www.domain.com
    192.168.0.4.55741 -> 192.168.0.1.53:
    192.168.0.1.53 -> 192.168.0.4.55741
    arp who-has 192.168.0.1 tell 192.168.0.4
    arp reply 192.168.0.1 is-at 0:30:ab:c:a9:30

b. trace on internal interface of internal FW:

    #ping www.domain.com
    arp who-has 192.168.1.1 tell 192.168.1.2
    arp reply 192.168.1.1 is-at 0:9:f:2:b:32
    192.168.1.2.4751 -> 192.168.0.1.53: udp
    192.168.0.1.53 -> 192.168.1.2.4751: udp
    192.168.1.2 -> 64.14.95.170: icmp: echo request
    192.168.1.2 -> 64.14.95.170: icmp: echo request
    arp who-has 192.168.1.2 tell 192.168.1.1
    arp reply 192.168.1.2 is-at 0:80:c8:c1:1:a5

Any suggestions???

Thanks