I'm having a nightmare of a time getting up and running with Firewall-1 on
Linux 6.1. I have a triple homed Linux box that I want to use as a gateway
for our Internal Net as well as the DMZ net. I am including the output of
the `ifconfig -a` and `netstat -nr` commands. I have an All_Permit policy
installed and pretty much everything is enabled in the Policy/Properties
window. I can ping hosts in all three nets from the firewall but cannot
ping through the firewall. For example I can ping our router to the internet
- 204.5.211.254 from the firewall but not from any host in the internal
invalid nets 172.16.2.0 or 172.16.1.0.
I figured it was an ip_forwarding issue so I configured Firewall-1 to never
handle ip_forwarding and enabled ip_forwarding at the OS level (set
/proc/sys/net/ipv4/ip_forward to 1). No luck again.
I've also considered the fact that the packet may be reaching 204.5.211.254
but the replies are not reaching the internal hosts. But then 204.5.211.254
and 204.5.211.253 (external interface on the firewall that the internal nets
are hiding behind) are on the same net 204.5.211.224 and can see each other
fine.

Does anyone have any suggestions? I'll greatly appreciate the help.

***Netstat output***

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
204.5.211.253   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
172.16.2.1      0.0.0.0         255.255.255.255 UH        0 0          0 eth2
172.16.1.1      0.0.0.0         255.255.255.255 UH        0 0          0 eth1
204.5.211.224   0.0.0.0         255.255.255.224 U         0 0          0 eth0
172.16.2.0      0.0.0.0         255.255.255.0   U         0 0          0 eth2
172.16.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         204.5.211.254   0.0.0.0         UG        0 0          0 eth0
0.0.0.0         204.5.211.254   0.0.0.0         UG        0 0          0 eth0

***ifconfig output***

eth0      Link encap:Ethernet  HWaddr 00:60:97:17:76:20  
          inet addr:204.5.211.253  Bcast:204.5.211.255  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1359 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1074 errors:0 dropped:0 overruns:0 carrier:0
          collisions:40 txqueuelen:100 
          Interrupt:11 Base address:0xfcc0 

eth1      Link encap:Ethernet  HWaddr 00:50:DA:6B:EB:07  
          inet addr:172.16.1.1  Bcast:172.16.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:3 Base address:0xfc00 

eth2      Link encap:Ethernet  HWaddr 00:10:5A:0D:19:2C  
          inet addr:172.16.2.1  Bcast:172.16.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:10 Base address:0xf880 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:72 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
