Hi guys,
the directory is [FWdir]\state!

In the logs can you see if the pings (icmp) are dropped in rule 0?

Regards,
Fernando.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Witham, John
Sent: Monday, August 07, 2000 7:58 PM
To: 'Jon Jackson'; Firewall-1 listserv (E-mail)
Subject: RE: [FW1] Pinging



Hi Jon:

Have you added the 111.111.111.111 to the FireWall's local.arp file?  I
can't remember the exact location of the file, but you must put the EXTERNAL
IP address of the NAT'd box (111.111.111.111) and then a TAB, and then the
MAC address of the external interface of your FireWall.  After a FWSTOP and
FWSTART, you should be fine.

The reasoning behind this is that FW1/NT4 doesn't know to respond to an ARP
request of the 111.111.111.111 address unless you specifically tell the OS
of the box it should answer when it sees that ARP request.

Also, make sure you have done a ROUTE ADD telling the OS who goes where. ex:

route add -p 111.111.111.111 mask 255.255.255.255 10.10.10.10

Hope this helps!

-john

John Witham, MCSE, MCP+i
Systems Engineer
Takeda Pharmaceuticals America, Inc.
v/847.383.3304
f/847.383.3205
mailto:[EMAIL PROTECTED]


-----Original Message-----
From: Jon Jackson [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 07, 2000 5:08 PM
To: Firewall-1 listserv (E-mail)
Subject: [FW1] Pinging



I am trying to ping an internal machine by its nat'd public address and get
no reply.  Is this possible with FW-1?  Here is my setup:

FW-1 4.0 sp1
Win NT

Router  -  public address  - Firewall  -  DMZ unreg. addresses
                                 |
                               internal
                        unregistered addresses

For instance:

internal address is 10.10.10.10  nat'd to 111.111.111.111
From machine 10.10.10.11  ping 111.111.111.111.  Get time out on all 4
tries

I know I can ping private address directly but for testing I need it to go
through the firewall.

Thanks for the help


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

