Situation:
FW not installed yet - trying to get routing up.
All packets leave all subnets on internal network for external network with
no problems.
Not all packets come in from outside to internal network.
In fact, a darn strange pattern of internal IP addresses can be pinged from
the outside.
IP space is a class A subnetted 255.255.255.0 - pretty standard.
All Interfaces on the FW computer are pingable inside and out (ie. on a
computer on the internal net I can ping all the cards - ditto for the
external side of things, on a separate computer I can ping all the cards)
External FW interface is x.x.61.1
Internal FW Interface is x.x.60.252
External router (GW to internet) is x.x.61.1
Internal router (GW to subnets) is x.x.60.253
Additional subnetwork x.x.63.0 is reachable via x.x.60.253
When I ping from external (computer on the x.x.61.0 network, not from the
firewall) to the entire x.x.60.0 network these are the responses I get:
x.x.60.13
x.x.60.179
x.x.60.201
x.x.60.220
x.x.60.242
x.x.60.243
x.x.60.244
x.x.60.246
x.x.60.249
x.x.60.252
If I do a ping sweep of the Internal network from the internal network
(either computer on internal network or the FW computer itself) I get over
120 responses (yes, I know it's an overly large and flat network but it's
not mine)
NT route table:
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
0x3 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
0x4 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 x.x.61.1 x.x.61.2
1
10.0.0.0 255.0.0.0 10.0.0.1 10.0.0.1 1
10.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
x.x.60.0 255.255.255.0 x.x.60.252 x.x.60.252 1
x.x.60.252 255.255.255.255 127.0.0.1 127.0.0.1 1
x.x.61.0 255.255.255.0 x.x.61.2 x.x.61.2 1
x.x.61.2 255.255.255.255 127.0.0.1 127.0.0.1 1
x.x.63.0 255.255.255.0 x.x.60.253 x.x.60.252 1
x.x.255.255 255.255.255.255 x.x.61.2 x.x.61.2 1
224.0.0.0 224.0.0.0 10.0.0.1 10.0.0.1 1
224.0.0.0 224.0.0.0 x.x.60.252 x.x.60.252 1
224.0.0.0 224.0.0.0 x.x.61.2 x.x.61.2 1
255.255.255.255 255.255.255.255 x.x.61.2 x.x.61.2 1
===========================================================================
I'm either missing something extremely silly or am doing something above
drastically wrong - it seems fairly straight forward to me - but ???
We had problems with original ethernet adaptors they wanted to use and had
to change them out to what you see listed here, plus this machine has
service pack 6a on it - I think I am going to blow away NT and start over -
with just service pack 4 since that is all I can verify that is supported
for use with CP at this time.
Any other ideas?
Eric
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
