Got a question, hope someone can shed some light. Got a client with CheckPoint NG-AI running on Red Hat 7.3 (kernel 2.4.18-5smp).

Trying to set up a specific NAT out one interface only for one destination, but I can't get the Firewall to answer the ARP requests from the router.

    <firewall> ---<crossover cable>-- <Cisco 1720> -- T1

External Firewall IP is 192.168.0.2
Facing side of Router is 192.168.0.5
Trying to Hide NAT behind 192.168.0.9.

ARP -a:

    ? (192.168.0.9) at * PERM PUP on eth2

Command used to add ARP:

    arp -v -n -i eth2 -s 192.168.0.9 00:E0:81:23:39:47 pub

Verified that /proc/sys/net/ipv4/conf/eth2/proxy_arp is set to 1.

When the session initiates, here's what I see on the tcpdump -i eth2:

    21:00:32.492308 arp who-has 192.168.0.5 tell 192.168.0.2
    21:00:32.493096 arp reply 192.168.0.5 is-at 0:9:7c:a3:a5:fd
    21:00:32.493126 172.20.17.21.1760 > poly4.siteremoved.com.http: S 3536652485:3536652485(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
    21:00:32.803609 arp who-has 192.168.0.9 tell 192.168.0.5
    21:00:35.477799 172.20.17.21.1760 > poly4.siteremoved.com.http: S 3536652485:3536652485(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
    21:00:35.788166 arp who-has 192.168.0.9 tell 192.168.0.5

Notice how the who-has 192.168.0.9 never gets answered. On the router (which I don't control), show arp says "incomplete" for 192.168.0.9. We can't add a static ARP on the router (politics, ya know).

Hope someone can shed some light on this...

And of course, we're using manual NAT since this NAT goes out the non-internet interface, and the local net is automatic hide-NATted through the internet interface (different IP than this connection).

Thanks
Scott
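
An added diagnostic example, not part of the original post: a small Python parser that reads tcpdump ARP lines like the ones quoted above and reports every who-has target that never received a reply. It goes slightly beyond the post by also accepting the "ARP, Request ..." / "ARP, Reply ..." wording printed by newer tcpdump releases; the function name unanswered_arp is hypothetical, and the sample input is the capture from the post.

```python
import re

# Sample input: the tcpdump -i eth2 lines quoted in the post above.
CAPTURE = """\
21:00:32.492308 arp who-has 192.168.0.5 tell 192.168.0.2
21:00:32.493096 arp reply 192.168.0.5 is-at 0:9:7c:a3:a5:fd
21:00:32.493126 172.20.17.21.1760 > poly4.siteremoved.com.http: S 3536652485:3536652485(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:00:32.803609 arp who-has 192.168.0.9 tell 192.168.0.5
21:00:35.477799 172.20.17.21.1760 > poly4.siteremoved.com.http: S 3536652485:3536652485(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:00:35.788166 arp who-has 192.168.0.9 tell 192.168.0.5
"""

# Old format (as in the post) and the newer "ARP, Request/Reply" format.
WHO_HAS = re.compile(r"^(\S+) (?:arp|ARP, Request) who-has (\S+) tell ([^,\s]+)")
REPLY = re.compile(r"^(\S+) (?:arp reply|ARP, Reply) (\S+) is-at ([^,\s]+)")


def unanswered_arp(capture):
    """Map each ARP target that was asked for but never answered to its stats."""
    pending = {}
    for line in capture.splitlines():
        m = WHO_HAS.match(line)
        if m:
            ts, target, asker = m.groups()
            entry = pending.setdefault(
                target, {"asked_by": set(), "requests": 0, "first": ts}
            )
            entry["asked_by"].add(asker)
            entry["requests"] += 1
            entry["last"] = ts
            continue
        m = REPLY.match(line)
        if m:
            # A reply for this address clears every request seen so far.
            pending.pop(m.group(2), None)
    return pending


if __name__ == "__main__":
    for ip, info in unanswered_arp(CAPTURE).items():
        askers = ", ".join(sorted(info["asked_by"]))
        print(f"{ip}: {info['requests']} request(s) from {askers}, "
              f"{info['first']} to {info['last']}, no reply seen")
```
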
