All my users sit behind a proxy server using private address space on our local
network. They must use the proxy server to get to the net, thus no NAT. I have two
DMZ's, each hosting a couple of web servers, connected directly to the firewall. Using
valid internet IP addresses work just fine to talk from the internal net to the DMZ.
Using private address space does not. The OSPF routing table on the firewall looks
fine and all the private routes are in the routing table. The rule base says:
>From Any
To Network DMZ
Service HTTP
The only thing that I can think of is that there is some option within gated that
stops routing of private address space, but I cannot find anything in the docs.
--
Richard Ellerbrock
[EMAIL PROTECTED]
>>> Rob Cryan <[EMAIL PROTECTED]> 2000/06/30 04:31:04 >>>
There is no reason that any valid address space will not pass through FW1.
I have implemented several firewalls on NT, Nokia and Solaris most using
some variation of RFC 1918 addressing with no problem. There are some
restrictions such as, the fact that this space and the others in 1918 won't
route on the Internet.
This begs the obvious questions: Where are you trying to go (route to)?
From? What does the routing table look like? Is the firewall passing
traffic for other networks? What does the rule base look like?
What are you trying for a test?
Rob Cryan
Solutions Integration Manager
infinitespace.com
Two Westborough Business Park
Westborough, MA 01581
Office: 508.870.4714
-----Original Message-----
From: Richard Ellerbrock [SMTP:[EMAIL PROTECTED]]
Sent: Friday, June 30, 2000 10:03 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Private address space
Is there any reason why firewall-1 will not pass private address
space in the range of 172.16-172.31 through the firewall (FW1 4.0sp5 on
Solaris 2.6). Nothing is logged in the log and the routing table is 100%.
The firewall is running gated ospf and there is no NAT configured.
--
Richard Ellerbrock
[EMAIL PROTECTED]
============================================================================
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
