On 1/12/06, Shane Presley <[EMAIL PROTECTED]> wrote:
>
> I noticed that if a SecurePlatform box has no policy (after an fw
> unloadlocal), it does not route traffic.  I know that's the best
> practice, but is there a way to override that?  In certain
> circumstances, I need to disable the policy and have the device act as
> a router.
>
> Same problem with a cpstop.


This is because in both cases, the IP forwarding is disabled, so in
case you disable your policy (or your firewall) your internal hosts
don't get compromised.

You may want to enable it back, so the routing among NICs works:
sysctl -w net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward

Either of them should do the trick. :-)

HTH,

- Martín.

--
** My web page: http://gama.fime.uanl.mx/~mhoz/
* "We are a consequence of the past, and the cause of our future."
* "This world has not been bequeathed to us by our parents; rather, we have
received it on loan from our children..."
* "And in the end, as a Persian sage says, love is a disease
that no one wants to be rid of". Paulo Coelho
** My Linux - http://www.slackware.com == My BSD - http://www.openbsd.org
