RE: [FW1] Strange NT Routing Issue

[Brendan McCauley]

are you using dhcp for all the internal clients that did not reply?
are you using dhcp for all the internal clients that did reply?
if so are your internal hosts looking to .253 or .252?
make sure they (the internal hosts) all look to .253 for thier dg and set
.253's dg to be .252(.)
...you'll have to figure out the mass reboot or release-renew for every dhcp
client on your own...

looks like some of your internal hosts may be looking to your new (gateway)
firewall for a default route and some of them are looking elsewhere.  the
ones that are replying to your external pings are (probably) looking at the
gateway, those that aren't are either looking to reply via a different (old
gateway IP??) router or are oblivious to the existence of (a route
through...) the gateway your installing and how to reply.
the fact that .253 is on the list of 'didn't's and not the 'did's convinces
me...
do the other networks reply?
when/if you reply copy the entire:

route -p print


> -----Original Message-----
> From: Eric Eskam [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 13, 2000 1:41 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Strange NT Routing Issue
> 
> 
> 
> Situation:
> 
> FW not installed yet - trying to get routing up.
> 
> All packets leave all subnets on internal network for 
> external network with
> no problems.
> Not all packets come in from outside to internal network.
> In fact, a darn strange pattern of internal IP addresses can 
> be pinged from
> the outside.
> IP space is a class A subnetted 255.255.255.0 - pretty standard.
> 
> All Interfaces on the FW computer are pingable inside and out 
> (ie. on a
> computer on the internal net I can ping all the cards - ditto for the
> external side of things, on a separate computer I can ping 
> all the cards)
> 
> External FW interface is x.x.61.1
> Internal FW Interface is x.x.60.252
> External router (GW to internet) is x.x.61.1
> Internal router (GW to subnets) is x.x.60.253
> Additional subnetwork x.x.63.0 is reachable via x.x.60.253
> 
> When I ping from external (computer on the x.x.61.0 network, 
> not from the
> firewall) to the entire x.x.60.0 network these are the 
> responses I get:


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================