Gordon,

The simplest way to check is to view the logging...

Allow ICMP is a BAD thing, in my opinion, to leave enabled in your rulebase because that is general for the whole rulebase... NOT just on a per-interface basis. The best way, in my opinion, is to allow ICMP echo request FROM computer 1 to 2 and then allow ICMP echo reply BACK from computer 2 to 1. This should work...

Regards,
Brenno

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: zondag 16 december 2001 16:55
> To: [EMAIL PROTECTED]
> Subject: FW-1 ping problem
>
> Hi, Just a simple one I hope...
>
> To simplify the description, let's say I have an FW-1 on a NOKIA with two
> user interfaces (ethernet) enabled.
> I have a workstation attached to the LAN on each interface and I install a
> policy with no "clean-up" rule.
> Instead the last rule is "any any any accept".
> I have set "ipsofwd on" at the Nokia level. (I thought FW-1 allowed
> forwarding and that it was just the Nokia that needed to be forced to allow
> this?)
>
> And yet I cannot ping from one workstation to the other!
>
> The "Allow ICMP" option in the "Policy properties" only inserts an "any
> any ICMP accept" rule anyway (?), so my "allow-any" rule should cover that.
> The routing/default gateways on the workstations just point to the local
> interface on each.
>
> So what is stopping the ping???
> Any suggestions would be gratefully received!
>
> Cheers, Gordon
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
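The difference between the "any any ICMP accept" rule and the echo request / echo reply pair suggested in the reply above, as an added example that is not part of the original thread and is not FW-1 syntax. It is a simplified stateless first-match model; the workstation addresses and all names in it are constructed for illustration.

```python
# Simplified stateless, first-match model of the two policies in the thread.
# Not FW-1 syntax; the workstation addresses are constructed sample values.
from dataclasses import dataclass
from typing import Optional

ECHO_REPLY, REDIRECT, ECHO_REQUEST = 0, 5, 8  # ICMP type numbers (RFC 792)
WS1, WS2 = "10.1.1.10", "10.2.2.10"           # constructed addresses

@dataclass(frozen=True)
class Rule:
    src: Optional[str]        # None means "any"
    dst: Optional[str]
    icmp_type: Optional[int]
    action: str

    def matches(self, src, dst, icmp_type):
        return (self.src in (None, src) and self.dst in (None, dst)
                and self.icmp_type in (None, icmp_type))

def decide(rulebase, src, dst, icmp_type):
    """First matching rule wins; a packet that matches nothing is dropped."""
    for rule in rulebase:
        if rule.matches(src, dst, icmp_type):
            return rule.action
    return "drop"

# Broad policy: an "any any ICMP accept" rule.
BROAD = [Rule(None, None, None, "accept")]
# Narrow policy: echo request from 1 to 2, echo reply back from 2 to 1.
NARROW = [Rule(WS1, WS2, ECHO_REQUEST, "accept"),
          Rule(WS2, WS1, ECHO_REPLY, "accept")]

PACKETS = {  # constructed sample traffic
    "echo request 1->2": (WS1, WS2, ECHO_REQUEST),
    "echo reply 2->1": (WS2, WS1, ECHO_REPLY),
    "echo request 2->1": (WS2, WS1, ECHO_REQUEST),
    "redirect 2->1": (WS2, WS1, REDIRECT),
}

def compare():
    """Map each sample packet to its (broad, narrow) verdicts."""
    return {name: (decide(BROAD, *p), decide(NARROW, *p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (broad, narrow) in compare().items():
        print(f"{name:20} broad={broad:6} narrow={narrow}")
```

Both policies let workstation 1 ping workstation 2; only the broad rule also passes pings in the other direction and other ICMP types such as redirects.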