
RE: [FW1] local.arp





I used the local.arp file on NT 4.0 (SP3 and SP4) with FireWall-1 4.0
(vpn+des+strong) (SP1) and (SP2) with a CISCO 2500 and CISCO 3640 routers
outside without any problems... (Doing both STATIC and HIDE mode
translation)

If not using a cross-over cable, make sure there aren't any issues with any
switches or hubs in between the firewall's interface and the router.

Also make sure there aren't issues with the router that is supposed to
receive ARP updates...

Is this recent?  Have you cleared the ARP cache of your router?

There are some good notes on this at http://www.phoneboy.com and also at
http://www.checkpoint.com/~joe

.peace.

Amin Tora, Internet Engineer
ICN - Internet Solutions Group
Phone: (703) 550 - 0101 x514
Fax:     (703) 550 - 7697
mailto://amint@icn.com
http://www.icn.com



-----Original Message-----
From: Robert Binder [mailto:rbinder@articon.de]
Sent: Thursday, April 01, 1999 11:32 AM
To: srae@ghs.guthrie.org
Cc: donm@advent.org; 'FW1'
Subject: Re: [FW1] local.arp



don,
with version 4.0 of fw1 i had a lot of trouble with the arp-proxy on an nt
box. i'm not really sure but i think in the new version (fw1 4.0 sp1) the
arp proxy does not work. there was no time for me to test this very
carefully.
a workaround is to set host routes on the router before. but this
is not so good because of security.

the format of the file is, as far as i remember, <ip-address> <mac-address>.
try it, if you cannot ping the virtual ip-address, switch the entries.
remember after changing this file you have to restart your firewall.

robert


+--------------------------------------------------------------------+
|    /\     ARTICON AG            Tel :  +49-89-94573-0  Fax: -199   |
|   / /\    Robert Binder         Mail:  rbinder@articon.de          |
|  /_/\ \   Gutenbergstr. 1                                          |
| /____\_\  D-85737 Ismaing       WWW :  http://www.articon.de/      |
+--------------------------------------------------------------------+


On Thu, 1 Apr 1999 srae@ghs.guthrie.org wrote:

> Don,
> 
> Did you try MAC address then IP address in your local.arp?  I'm new to this
> but I think that is the format on an NT.
> 
> Stewart Rae
>
> donm@advent.org on 03/31/99 06:04:28 PM
>
> Please respond to donm@advent.org
>
>  To:      "'FW1'" <fw-1-mailinglist@lists.us.checkpoint.com>
>  cc:      (bcc: STEWART RAE/GUTHRIE)
>  Subject: [FW1] local.arp
>
> I am running FW1 v4.0 SP1 (Build 4031) on NT4 SP4.  I have created the
> local.arp file in the /fw1/state/ directory, but it still does not seem to
> work as advertised.  I have three IP addresses that I want the external
> interface to answer for besides its own IP address.  I have the appropriate
> rules set up for NAT etc., but the only way to get the external interface to
> answer those IP addresses is to manually add the addresses to the arp table
> with an "arp -s x.x.x.x xx-xx-xx-xx-xx-xx".
> 
> I cannot find exactly what I am looking for.  I saw something a few weeks
> ago about the format of the local.arp file, but cannot find it now.
> 
> My local.arp looks like this:
> 
> x.x.x.4   xx-xx-xx-xx-xx-7F
> x.x.x.40  xx-xx-xx-xx-xx-7F
> x.x.x.41  xx-xx-xx-xx-xx-7F
> 
> Is the format of this correct?  If so, why does it not work?  If not
> correct, what should it be?  Or is this just another bug in the NT version
> of FW1 V4.0?
> 
> To work around this problem for now, I am just using a startup script that
> adds the arp -s entries after boot so I do not have to enter them by hand.
> By the way I did find some info on www.phoneboy.com, but I did not find a
> reference that stated the exact format of the local.arp file on NT (I would
> make the assumption that it should be the same format on all operating
> systems, but we all know that assumption is the mother of all screw-ups!).
> 
> Any help fixing this would be greatly appreciated!
> 
> Don Moore
> Network Administrator
> Advent Enterprises, Inc.
> donm@advent.org
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



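Added example, not part of the original thread or of FireWall-1: a small checker for the question the thread circles around, namely which column order a local.arp file uses and whether every line is a well-formed IPv4/MAC pair. It does not assume which order the firewall expects; it only reports what the file contains and emits the `arp -s` workaround commands from the first post. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Six hex octets separated by '-' or ':' (the thread uses the dashed form).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")

def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def parse_local_arp(text):
    """Return (entries, problems); an entry is (lineno, ip, mac, order)."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if len(fields) != 2:
            problems.append((n, "expected exactly two fields"))
        elif _is_ipv4(fields[0]) and MAC_RE.match(fields[1]):
            entries.append((n, fields[0], fields[1], "ip-mac"))
        elif MAC_RE.match(fields[0]) and _is_ipv4(fields[1]):
            entries.append((n, fields[1], fields[0], "mac-ip"))
        else:
            problems.append((n, "not an IPv4/MAC pair"))
    # A file that mixes both orders cannot be right whichever one is expected.
    if len({e[3] for e in entries}) > 1:
        problems.append((0, "mixed column order in one file"))
    return entries, problems

def arp_s_commands(entries):
    """The thread's static-ARP workaround, one command per valid entry."""
    return [f"arp -s {ip} {mac.upper().replace(':', '-')}"
            for _, ip, mac, _ in entries]

# Constructed sample: documentation IPs, made-up MAC, one swapped and one bad line.
SAMPLE = """\
192.0.2.4   00-A0-C9-12-34-7F
192.0.2.40  00-a0-c9-12-34-7f
00:A0:C9:12:34:7F 192.0.2.41
192.0.2.300 00-A0-C9-12-34-7F
"""

if __name__ == "__main__":
    entries, problems = parse_local_arp(SAMPLE)
    print(*arp_s_commands(entries), *problems, sep="\n")
```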