Hi,
This may be something way off base, but there was a hot fix or a service
pack (I don't remember the number) that you can apply to the Microsoft
machines to prevent them from replying to the broadcast address ping as a
security fix. May be that's the reason some of the machines are not replying
to your ping sweep.
Than Maung
-----Original Message-----
From: Kumar, Preet (Exchange) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 14, 2000 8:20 AM
To: 'Eric Eskam';
[EMAIL PROTECTED]
Subject: RE: [FW1] Strange NT Routing Issue
Did you try pinging the systems individually. Say by
creating a script and
ping all
devices on the x.x.60.0 network from x.x.60.1->254, I am
sure that you will
get
response for all of them if the system on the x.x.60.0
network has proper
routes
back to the x.x.61.0 network.
I dont know why but I have seen that you dont always get
response from all
systems
when you ping the subnet or network or the broadcast of
that subnet or
network.
If the ping to individual workstations gives a reply then I
would not worry
much.
Yes I would be curious to know why some workstations reply
while others
dont.
Preet
> -----Original Message-----
> From: Eric Eskam [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, June 13, 2000 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Strange NT Routing Issue
>
>
>
> Situation:
>
> FW not installed yet - trying to get routing up.
>
> All packets leave all subnets on internal network for
external network
> with
> no problems.
> Not all packets come in from outside to internal network.
> In fact, a darn strange pattern of internal IP addresses
can be pinged
> from
> the outside.
> IP space is a class A subnetted 255.255.255.0 - pretty
standard.
>
> All Interfaces on the FW computer are pingable inside and
out (ie. on a
> computer on the internal net I can ping all the cards -
ditto for the
> external side of things, on a separate computer I can ping
all the cards)
>
> External FW interface is x.x.61.1
> Internal FW Interface is x.x.60.252
> External router (GW to internet) is x.x.61.1
> Internal router (GW to subnets) is x.x.60.253
> Additional subnetwork x.x.63.0 is reachable via x.x.60.253
>
> When I ping from external (computer on the x.x.61.0
network, not from the
> firewall) to the entire x.x.60.0 network these are the
responses I get:
>
> x.x.60.13
> x.x.60.179
> x.x.60.201
> x.x.60.220
> x.x.60.242
> x.x.60.243
> x.x.60.244
> x.x.60.246
> x.x.60.249
> x.x.60.252
>
> If I do a ping sweep of the Internal network from the
internal network
> (either computer on internal network or the FW computer
itself) I get over
> 120 responses (yes, I know it's an overly large and flat
network but it's
> not mine)
>
> NT route table:
>
> C:\>route print
>
==========================================================================
> =
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
> 0x3 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
> 0x4 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
>
==========================================================================
> =
>
==========================================================================
> =
> Active Routes:
> Network Destination Netmask Gateway
Interface
> Metric
> 0.0.0.0 0.0.0.0 x.x.61.1
x.x.61.2
> 1
> 10.0.0.0 255.0.0.0 10.0.0.1
10.0.0.1
> 1
> 10.0.0.1 255.255.255.255 127.0.0.1
127.0.0.1
> 1
> 127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1
> 1
> x.x.60.0 255.255.255.0 x.x.60.252
x.x.60.252 1
> x.x.60.252 255.255.255.255 127.0.0.1
127.0.0.1
> 1
> x.x.61.0 255.255.255.0 x.x.61.2
x.x.61.2
> 1
> x.x.61.2 255.255.255.255 127.0.0.1
127.0.0.1
> 1
> x.x.63.0 255.255.255.0 x.x.60.253
x.x.60.252
> 1
> x.x.255.255 255.255.255.255 x.x.61.2
x.x.61.2
> 1
> 224.0.0.0 224.0.0.0 10.0.0.1
10.0.0.1
> 1
> 224.0.0.0 224.0.0.0 x.x.60.252
x.x.60.252
> 1
> 224.0.0.0 224.0.0.0 x.x.61.2
x.x.61.2
> 1
> 255.255.255.255 255.255.255.255 x.x.61.2
x.x.61.2
> 1
>
==========================================================================
> =
>
> I'm either missing something extremely silly or am doing
something above
> drastically wrong - it seems fairly straight forward to me
- but ???
>
> We had problems with original ethernet adaptors they
wanted to use and had
> to change them out to what you see listed here, plus this
machine has
> service pack 6a on it - I think I am going to blow away NT
and start over
> -
> with just service pack 4 since that is all I can verify
that is supported
> for use with CP at this time.
>
> Any other ideas?
>
> Eric
>
>
>
>
==========================================================================
> ======
> To unsubscribe from this mailing list, please see the
instructions at
>
http://www.checkpoint.com/services/mailing.html
>
==========================================================================
> ======
> .
>
>
>
>
==========================================================================
> ======
> To unsubscribe from this mailing list, please see the
instructions at
>
http://www.checkpoint.com/services/mailing.html
>
==========================================================================
> ======
***********************************************************************
Bear Stearns is not responsible for any recommendation,
solicitation,
offer or agreement or any information about any transaction,
customer
account or account activity contained in this communication.
***********************************************************************
============================================================================
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
