Dpto. de Internet- Jose J. Pedrajas wrote:
Hello Ken,
firstly, thanks for your observation. I have made the changes you suggested
to me, however the problem is still present on my system:
- When someone pings the broadcast IP of qe1
(xxx.xxx.xxx.16), the Log Viewer tells me that the ICMP packet tries to come in
through the qe2 interface.
- When someone pings the broadcast IP of qe2
(xxx.xxx.xxx.32), the Log Viewer tells me that the ICMP packet tries to come in
through the qe1 interface.
The results are:
1- The FW drops the packet because it thinks that the source IP is
spoofed.
2- After some minutes, in the syslog I get the typical messages of
"too many internal hosts detected".
I think that the 2nd problem is a consequence of the 1st problem.

Are you seeing the ICMP echo request or the echo reply being blocked?
If the request is being blocked, what the destination address of the
packet is should be irrelevant. All that matters is where the computer
that sent the echo request is. The interface that the request came
in on should be in the logs.
But I wonder if your problem isn't something else. Your qe1 and qe2
aren't bridged somehow, are they? They aren't connected to the same
physical network or something like that?

I have observed that my ARP table has the following 2 lines:
qe1 xxx.xxx.xxx.16 255.255.255.255 SP ..:..:..:..:..:84
qe2 xxx.xxx.xxx.16 255.255.255.255 ..:..:..:..:..:84
Is it normal that the same MAC address appears on 2 different interfaces? If
not, how can I resolve the problem?

It is normal for Solaris systems to assign the same MAC to all
interfaces. However, the same IP address should not appear
multiple times and broadcast addresses should not appear.

I have been sniffing my network card for the broadcast packets and the only
2 packets I saw were:

Which interface were you sniffing? This looks like the echo
requests are successfully passing out of the Solaris system.
Using device /dev/qe (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 9:48:35.39
ETHER: Packet size = 74 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = ..:..:..:..:..:84, Sun ====================> The MAC of qe1
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 3387
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 1 seconds/hops
IP: Protocol = 1 (ICMP)
IP: Header checksum = a227
IP: Source address = 81.41.214.217, 217.Red-81-41-214.pooles.rima-tde.net
IP: Destination address = xxx.xxx.xxx.16, xxx.xxx.xxx.xxx.16
IP: No options
IP:
ICMP: ----- ICMP Header -----
ICMP:
ICMP: Type = 8 (Echo request)
ICMP: Code = 0
ICMP: Checksum = 375c
ICMP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 9:48:40.18
ETHER: Packet size = 74 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = ..:..:..:..:..:85, Sun ====================> The MAC of qe2
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 3395
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 1 seconds/hops
IP: Protocol = 1 (ICMP)
IP: Header checksum = a20f
IP: Source address = 81.41.214.217, 217.Red-81-41-214.pooles.rima-tde.net
IP: Destination address = yyy.yyy.yyy.32, yyy.yyy.yyy.32
IP: No options
IP:
ICMP: ----- ICMP Header -----
ICMP:
ICMP: Type = 8 (Echo request)
ICMP: Code = 0
ICMP: Checksum = 365c
ICMP:
--
Crist J. Clark [EMAIL PROTECTED]
Globalstar Communications (408) 933-4387
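
The ARP-table check stated in the reply above (the same IP address should not appear more than once, and broadcast addresses should not appear), as an added example that is not part of the original message. The sample table, the addresses and the interface-to-subnet map are constructed assumptions; only the column layout follows the lines quoted in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout quoted in the thread
# (device, IP address, mask, optional flags, physical address).
SAMPLE_ARP = """\
Device   IP Address     Mask             Flags  Phys Addr
qe0      192.0.2.1      255.255.255.255  SP     08:00:20:00:00:83
qe1      192.0.2.31     255.255.255.255  SP     08:00:20:00:00:84
qe2      192.0.2.31     255.255.255.255         08:00:20:00:00:84
qe2      192.0.2.40     255.255.255.255         00:10:5a:00:00:01
"""

# Assumed interface-to-subnet map; take the real one from ifconfig -a.
SUBNETS = {
    "qe0": "192.0.2.0/28",
    "qe1": "192.0.2.16/28",
    "qe2": "192.0.2.32/28",
}


def parse_arp(text):
    """Yield (device, ip, flags, mac) for each data row, skipping headers."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        try:
            ip = ipaddress.ip_address(cols[1])
        except ValueError:
            continue  # header or separator line
        flags = cols[3] if len(cols) >= 5 else ""  # flags column may be empty
        yield cols[0], ip, flags, cols[-1]


def audit_arp(text, subnets):
    """Return findings for the two conditions named in the reply."""
    nets = {dev: ipaddress.ip_network(cidr) for dev, cidr in subnets.items()}
    seen = defaultdict(list)
    findings = []
    for dev, ip, flags, mac in parse_arp(text):
        seen[ip].append(dev)
        for net_dev, net in nets.items():
            if ip in (net.network_address, net.broadcast_address):
                findings.append(("broadcast-entry", str(ip), dev, net_dev))
    for ip, devs in seen.items():
        if len(set(devs)) > 1:
            findings.append(("duplicate-ip", str(ip), tuple(sorted(set(devs)))))
    return findings
```

Each `broadcast-entry` finding names the interface holding the entry and then the interface whose subnet the address belongs to, so an entry for qe1's broadcast address cached on qe2 stands out.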