If I read your e-mail correctly, you've got the following:

- An internal network, x.x.63.0/24
- A router that connects your internal network to your firewall -- IP to
the internal network is not specified, IP to the firewall is x.x.60.253
- A firewall. Internal IP is x.x.252, external IP is x.x.61.2 (typo in your
message - deduced from the routing table)
- A router that connects your firewall to the internet -- IP connected to
the firewall is x.x.61.1

I'm not sure if you've repeatedly made typos in your list of devices that
you ping, so I'll consider both cases:

1. You didn't make any typos, and you really meant x.x.60.y. If that's the
case, then all these devices are on the network between your firewall and
internal router. The problem may be that these devices are confused as to
where to send their replies. You've got two routers on this network. I
suppose that if they sent the packets to the internal router instead of the
firewall, the router would be smart enough to bounce them back... but who
knows. Need more info, like the routing table from the router.
2. You made a boatload of typos, and really meant x.x.63.y. If that's the
case, then all these devices are actually on your *internal* network,
behind your firewall and internal router. Check to make sure that all your
internal devices really have their default gateway (default route) set as
x.x.63.whatevertherouteris.

Dave Grabowski
System Arts, Inc.
(212) 604-9015 x316
[EMAIL PROTECTED]


"Eric Eskam" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]kpoint.com
06/13/2000 02:41 PM

To: [EMAIL PROTECTED]
cc:
Subject: [FW1] Strange NT Routing Issue

Situation:

FW not installed yet - trying to get routing up.

All packets leave all subnets on internal network for external network with
no problems.
Not all packets come in from outside to internal network.
In fact, a darn strange pattern of internal IP addresses can be pinged from
the outside.
IP space is a class A subnetted 255.255.255.0 - pretty standard.

All Interfaces on the FW computer are pingable inside and out (i.e. on a
computer on the internal net I can ping all the cards - ditto for the
external side of things, on a separate computer I can ping all the cards)

External FW interface is x.x.61.1
Internal FW Interface is x.x.60.252
External router (GW to internet) is x.x.61.1
Internal router (GW to subnets) is x.x.60.253
Additional subnetwork x.x.63.0 is reachable via x.x.60.253

When I ping from external (computer on the x.x.61.0 network, not from the
firewall) to the entire x.x.60.0 network these are the responses I get:

x.x.60.13
x.x.60.179
x.x.60.201
x.x.60.220
x.x.60.242
x.x.60.243
x.x.60.244
x.x.60.246
x.x.60.249
x.x.60.252

If I do a ping sweep of the Internal network from the internal network
(either computer on internal network or the FW computer itself) I get over
120 responses (yes, I know it's an overly large and flat network but it's
not mine)

NT route table:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
0x3 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
0x4 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         x.x.61.1        x.x.61.2       1
         10.0.0.0        255.0.0.0         10.0.0.1        10.0.0.1       1
         10.0.0.1  255.255.255.255        127.0.0.1       127.0.0.1       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        x.x.60.0    255.255.255.0       x.x.60.252      x.x.60.252       1
       x.x.60.252  255.255.255.255        127.0.0.1       127.0.0.1       1
         x.x.61.0    255.255.255.0         x.x.61.2        x.x.61.2       1
         x.x.61.2  255.255.255.255        127.0.0.1       127.0.0.1       1
         x.x.63.0    255.255.255.0       x.x.60.253      x.x.60.252       1
      x.x.255.255  255.255.255.255         x.x.61.2        x.x.61.2       1
        224.0.0.0        224.0.0.0         10.0.0.1        10.0.0.1       1
        224.0.0.0        224.0.0.0       x.x.60.252      x.x.60.252       1
        224.0.0.0        224.0.0.0         x.x.61.2        x.x.61.2       1
  255.255.255.255  255.255.255.255         x.x.61.2        x.x.61.2       1
===========================================================================

I'm either missing something extremely silly or am doing something above
drastically wrong - it seems fairly straightforward to me - but ???

We had problems with original ethernet adaptors they wanted to use and had
to change them out to what you see listed here, plus this machine has
service pack 6a on it - I think I am going to blow away NT and start over -
with just service pack 4 since that is all I can verify that is supported
for use with CP at this time.

Any other ideas?

Eric
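
The return-path question raised in the reply can be checked mechanically. This is an added example, not part of either e-mail: it runs a longest-prefix lookup over the network routes in the posted firewall table and traces an echo reply from a host on x.x.60.0/24 back to the pinger. Assumptions: `100.64` stands in for the redacted `x.x`, `x.x.61.50` is a constructed pinger address, and `host_table` and `reply_path` are hypothetical helpers.

```python
import ipaddress

PFX = "100.64"  # constructed stand-in for the redacted "x.x" octets

def ip(a):
    return ipaddress.ip_address(a.replace("x.x", PFX))

def table(rows):
    # rows: (destination, netmask, gateway, interface), as printed by `route print`
    return [(ipaddress.ip_network(f"{ip(d)}/{m}"), ip(g), ip(i)) for d, m, g, i in rows]

# Network routes from the posted firewall table (host and multicast rows omitted)
FIREWALL = table([
    ("0.0.0.0",  "0.0.0.0",       "x.x.61.1",   "x.x.61.2"),
    ("10.0.0.0", "255.0.0.0",     "10.0.0.1",   "10.0.0.1"),
    ("x.x.60.0", "255.255.255.0", "x.x.60.252", "x.x.60.252"),
    ("x.x.61.0", "255.255.255.0", "x.x.61.2",   "x.x.61.2"),
    ("x.x.63.0", "255.255.255.0", "x.x.60.253", "x.x.60.252"),
])

def next_hop(routes, dst):
    """Longest-prefix match. Returns the next-hop address, or None if no route."""
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return dst if gw == iface else gw   # gateway == interface means on-link

def host_table(addr, default_gw=None):
    """Hypothetical table of a host on x.x.60.0/24; default_gw may be unset."""
    rows = [("x.x.60.0", "255.255.255.0", addr, addr)]
    if default_gw:
        rows.append(("0.0.0.0", "0.0.0.0", default_gw, addr))
    return table(rows)

def reply_path(host, default_gw, pinger, router=None):
    """Hops an echo reply takes from host to pinger; 'DROP' = no route,
    'UNKNOWN' = reached a device whose table was not posted."""
    tables = {ip(host): host_table(host, default_gw),
              ip("x.x.60.252"): FIREWALL, ip("x.x.60.253"): router}
    node, dst, path = ip(host), ip(pinger), []
    while node != dst and len(path) < 8:   # hop cap guards against routing loops
        if tables.get(node) is None:
            return path + ["UNKNOWN"]
        node = next_hop(tables[node], dst)
        if node is None:
            return path + ["DROP"]
        path.append(str(node))
    return path
```

A host whose default gateway is the firewall answers in two hops, a host with no gateway drops the reply, and a host pointing at x.x.60.253 depends on the internal router's table, which is passed in as `router` once it is known.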



================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================




