Ok...I defined the IP Pass Through network and filters and I've got it
working exactly the way I want.

Thanks for your help.

Another question. Now, when I Verify Configuration, it comes up yellow
stating that I'm specifying a Destination interface of PROT for my IP
Pass Through network/host.  It's probably just a warning and not a setup
error (I'm assuming since it's working) but I think it's causing
problems with HA.

Before I created this IP Pass Through network, I was able to Update
Slave with no problem.  Now, whenever I attempt to update slave, the
slave reports that it can't delete its aliases (we have about 90
aliases set up on the EXT interface) and it never completes the Slave
Update...then the worst comes...the Slave GB will switch to INIT mode
and stay there until I reboot...and the changes never completely take
place.  I'll have to go back into the Slave GB and manually edit the
config to correct partial changes and to match the Master FW.

Is this a known issue?  Should I not be getting a Yellow error in the
config?

Ed



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Chris Green
Sent: Monday, October 22, 2001 4:00 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: How to allow access from PSN to PROT


--------------------- Attention -----------------------------
A digest version of this list is now available.
Send email to [EMAIL PROTECTED], with the following message: subscribe
gb-users-digest your_email_address Then unsubscribe from this list.
-------------------------------------------------------------
GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------

You need to define the networks and then use IP Passthrough filters to
allow 
the type of traffic you want to pass.  You're on the right path, but
ditch 
the tunnels.

Chris Green


>From: "Edward Ingram" <[EMAIL PROTECTED]>
>To: "'Chris Green'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
><[EMAIL PROTECTED]>
>Subject: RE: How to allow access from PSN to PROT
>Date: Mon, 22 Oct 2001 15:52:00 -0700
>
>The GB is the default gateway for machines on the PSN.  I've tried 
>adding an IP Pass Through filter for the PSN to the PROT and also a 
>tunnel for the specific server I want to give the PSN access to on the 
>PROT...however it still does not pass information through.  Is there 
>anything else I need?  Do I need to specify an IP Pass Through host?
>
>Ed
>
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf 
>Of Chris Green
>Sent: Monday, October 22, 2001 1:11 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: How to allow access from PSN to PROT
>
>
>IP Passthrough allows the firewall to act as a router.  If the firewall
>is the default gateway of machines on both sides nothing additional
>will need to be done.  If not, then you may need to add some routes to
>routers.
>
>Chris Green
>
>
>
> >From: Jon Schlegel <[EMAIL PROTECTED]>
> >To: "Chris Green" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> >Subject: Re: How to allow access from PSN to PROT
> >Date: Mon, 22 Oct 2001 00:41:20 -0400
> >
> >Chris,
> >
> >I'm in the process of constructing an Internet site and am using 
> >GB-Pro.  A first experience at both networking and firewalls.  As 
> >I've been scouring the GB docs over the past weeks, the IP Pass 
> >Through concept is still not clear to me.
> >
> >For instance in Ed's case where he wants to allow the PSN to be able
> >to access the PROtected network.  It seems that IP Pass Through would
> >therefore allow 192.168.1.0/24 packets on to the 192.168.0.0/24
> >network.  To the best of my knowledge, no hosts on the 192.168.0.0/24
> >network would respond to packets from the other network.  I know I'm
> >missing something here but I haven't been able to figure out what it
> >is yet.  I am eager for insight on this subject.
> >
> >Jon
> >
> >
> >
> >Jon Schlegel
> >[EMAIL PROTECTED]
> >
> >
> >
> >
> >
> >
> >
> >At 09:35 PM 10/20/2001 -0500, Chris Green wrote:
> >Well, for starters I'll ask this... If you are going to allow access
> >to your internal network from your PSN, why do you have a PSN?  I
> >know there are many valid answers for this, but it's a question you
> >need to ask yourself. In response to your actual question, you need
> >to use IP Passthrough filters.
> >
> >Chris Green
> >
> >
> >
> >From: "Edward Ingram" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Subject: How to allow access from PSN to PROT
> >Date: Sat, 20 Oct 2001 16:27:32 -0700
> >
> >What do I need to allow this access?  I read somewhere that to allow 
> >this, I need a tunnel and a filter.
> >
> >I've looked at my current tunnels, which I use to redirect external 
> >requests for "real" ips to internal "private" ips, which is the 
> >normal usage.  But what would I put in for a tunnel to allow, say 
> >192.168.1.0/24 to access 192.168.0.0/24?
> >
> >Ed
> >
> >
> >
> >Edward Ingram
> >Network/Systems Administrator
> >Payment Resources, Intl.
> >[EMAIL PROTECTED]
> >(949) 729-1400
> >(949) 729-1178 FAX
> >
> >
> >
> >_________________________________________________________________
> >Get your FREE download of MSN Explorer at 
> >http://explorer.msn.com/intl.asp
> >
> >----------------------------------------------
> >To Unsubscribe: send mail to [EMAIL PROTECTED]
> >with "unsubscribe gb-users your_email_address
> >in the body of the message
> >
> >
>
>