local.arp should be in the format
<IP Address> <Mac Address>
Craig/
-----Original Message-----
From: Tika Mahata [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 20, 2000 10:19 PM
To: Kumar, Preet (Exchange); [EMAIL PROTECTED]
Subject: RE: [FW1] NAT and Internet Connection
Hi Kumar,
ICMP is allowed.
Firewall can ping application server with invalid IP a.b.c.d.
External gateway MAC is used for w.x.y.z in c:\winnt\fw\state\local.arp
xx-xx-xx-xx-xx-xx w.x.y.z
and route w.x.y.z is statically routed to a.b.c.d on firewall.
But I cannot even ping from firewall to valid IP w.x.y.z.
On ping command:
reply from p.q.r.s: TTL expired in transit.
I'm just installing firewall and having to test connection.
Best Regards,
Tika
--- "Kumar, Preet (Exchange)" <[EMAIL PROTECTED]> wrote:
>
> Do you have ICMP allowed through your firewall?
> If you have then can you ping a.b.c.d from the firewall?
> If not then check the routing from the firewall to a.b.c.d
> If yes then did you publish the MAC for w.x.y.z on the external network?
> If not do it
> If yes then do you have a host specific route on the firewall that says
> destination w.x.y.z gateway (either a.b.c.d or the router that is on the
> internal side).
>
> If all the above has been done and you still cannot ping check your NAT
> are you NATing when any packets come to the firewall at w.x.y.z or just
> http, https packets.
> In case you are NATing for only http/https packets then you will not be able
> to ping.
> If you have the services in Original packets set to "ANY" and services in
> translated packets set to "Original" then you will be able to ping.
>
> Why would you want to ping the webserver anyway? Allow ICMP just for
> testing and when the webserver is accessible from outside through the
> NATed address then disable ICMP and also narrow down the NAT to only those
> services that you require on the webserver.
>
> Preet
>
> > -----Original Message-----
> > From: Tika Mahata [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, June 19, 2000 7:41 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: [FW1] NAT and Internet Connection
> >
> >
> > Hi,
> >
> > My application server (i.p=a.b.c.d) is hidden with
> > static NAT (valid i.p=w.x.y.z). Then I cannot ping the
> > w.x.y.z, so how can I access my application server
> > from internet?
> > Pls give me some idea about it.
> >
> > Thanks
> > Tika
> >
> ***********************************************************************
> Bear Stearns is not responsible for any recommendation, solicitation,
> offer or agreement or any information about any transaction, customer
> account or account activity contained in this communication.
> ***********************************************************************
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
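
Added example, not part of the original thread and not Check Point code: a small checker for the "<IP Address> <Mac Address>" layout given in the reply at the top, which flags entries written MAC-first like the one quoted in the thread. The function names, the accepted MAC separators ('-' or ':') and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: a MAC is six hex octets joined by one consistent separator, '-' or ':'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}$")

def is_ip(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def is_mac(tok):
    return MAC_RE.match(tok) is not None

def check_local_arp(text):
    """Return (line_number, problem) for each entry not in '<IP> <MAC>' form."""
    problems, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) != 2:
            problems.append((n, "expected 2 fields, got %d" % len(fields)))
        elif is_mac(fields[0]) and is_ip(fields[1]):
            problems.append((n, "fields swapped: IP must come first, then MAC"))
        elif not is_ip(fields[0]):
            problems.append((n, "first field is not an IPv4 address"))
        elif not is_mac(fields[1]):
            problems.append((n, "second field is not a MAC address"))
        elif fields[0] in seen:
            problems.append((n, "duplicate entry for %s (first on line %d)"
                             % (fields[0], seen[fields[0]])))
        else:
            seen[fields[0]] = n
    return problems

# Constructed sample: documentation-range IPs and made-up MAC addresses.
SAMPLE = """\
192.0.2.10 00-a0-c9-12-34-56
00-a0-c9-12-34-56 192.0.2.11
192.0.2.12 00a0c9123456
192.0.2.10 00:a0:c9:12:34:57
"""

if __name__ == "__main__":
    for lineno, problem in check_local_arp(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```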