That makes sense, but the firewall is doing NAT, so all of the traffic should
be routing back to the same address on the firewall. The firewall has
routes defined for all of the subnets on the internal network from
the internal interface.
              ------------------
              |                |
              |    INTERNET    |
              |                |
              ------------------
                      |
                      |  legal external internet address
                ------------
                |          |
                | FIREWALL |
                |  & NAT   |
                ------------
                      |  illegal internal addresses
                      |  primary internal subnet 1
      ----------------------------------
                      |
                      |
                ------------
                | INTERNAL |
                |  router  |
                ------------
                 |    |    |
     subnet 3    |    |    |    subnet 4
  ----------------    |    ----------------
        |             | subnet 2       |
        |         ----------           |
   ----------         |           ----------
   | CLIENT |         |           | CLIENT |
   ----------    -----------      ----------
                 | CLIENT  |
                 -----------
>The first thing I would make sure of is that the router has a route back to
>the internal subnets through the firewall. For example, on the router there
>should be a route such as route add [internal subnet] [firewall interface] 1
>
>Macy Torrey
>Sprint Consumer Technology Lab
>Westwood, KS
>
>[EMAIL PROTECTED] wrote:
>
> > Hello,
> >
> > I am having a hard time configuring our Firewall-1 3.0 on Solaris 2.6.
> > We recently added a computer on the internal network to route 3 new
> > subnets.
> >
> > The firewall seems to be stopping all returning traffic that
> > originates from any of the subnets except the one that the firewall
> > is on. For example, I can ping the firewall from the subnets, but if I
> > try to ping the router on the other side of the firewall it only goes
> > out.
> >
> > This seemed like an anti-spoofing issue to me after reading through
> > the FAQ. The address range spec'd on the firewall was any. I changed
> > this to open and had some unexpected results. The firewall also is
> > doing NAT from one legal address to a bunch of illegal internal
> > addresses.
> >
> > What changes are needed to the firewall when adding internally routed
> > subnetworks?
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
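An added example, not part of the thread and not FireWall-1's own logic: a small Python model of the two conditions the messages above discuss for a client behind the internal router, namely a route on the firewall back to the client's subnet and an anti-spoofing address set on the internal interface that covers it. All addresses, names and the three configurations are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for the diagram's topology (none of it is from the thread).
SUBNETS = {n: ip.ip_network(f"10.0.{n}.0/24") for n in (1, 2, 3, 4)}
ROUTER = ip.ip_address("10.0.1.2")            # internal router's address on subnet 1
CONNECTED = {ip.ip_network("0.0.0.0/0"): ("external", None),   # default route
             SUBNETS[1]: ("internal", None)}                   # directly attached
# Static routes on the firewall for the routed subnets, via the internal router.
WITH_ROUTES = {**CONNECTED, **{SUBNETS[n]: ("internal", ROUTER) for n in (2, 3, 4)}}

def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) for dst."""
    hits = [(net, hop) for net, hop in routes.items() if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_flow(client, routes, valid_internal):
    """List what breaks for client -> Internet -> client through the firewall."""
    src, problems = ip.ip_address(client), []
    # Outbound: the packet enters on the internal interface, so its source must
    # fall inside the address set that anti-spoofing allows on that interface.
    if not any(src in net for net in valid_internal):
        problems.append("anti-spoofing")
    # Return: once NAT is undone the destination is the client again, and the
    # firewall must forward it out the internal interface (via the router if
    # the client is not on subnet 1).
    hop = lookup(routes, src)
    if hop is None or hop[0] != "internal":
        problems.append("no route back")
    elif src not in SUBNETS[1] and hop[1] != ROUTER:
        problems.append("wrong next hop")
    return problems

if __name__ == "__main__":
    only_subnet1 = [SUBNETS[1]]
    everything = list(SUBNETS.values())
    for label, routes, valid in [
        ("no routes, subnet 1 only", CONNECTED, only_subnet1),
        ("routes added, subnet 1 only", WITH_ROUTES, only_subnet1),
        ("routes added, all subnets valid", WITH_ROUTES, everything),
    ]:
        for host in ("10.0.1.10", "10.0.3.10"):
            print(f"{label:32} {host:10} {check_flow(host, routes, valid) or 'ok'}")
```

The middle configuration is the one to compare with the thread: routes exist on the firewall, yet a subnet 3 client still fails because the internal interface's allowed source set only covers subnet 1.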