Re: [FW1] Routing on firewalls
What role does the "Control IP Forwarding" have on "no installed rules"? If
you have no rules installed and the "Control IP Forwarding" option is also
turned off will the firewall route packets or not? Are these mutually
exclusive? Will test....
On maybe a related note, we stared at a firewall recently during a 4.0
upgrade for what seemed like a long time when nothing would go through it.
We started out with no rules (because of a license string problem - ahhhh).
The Check Point service was turned off and we could still not route through
it to save our lives. We were cussing out the layer-3 switches.
We should have known better but we forgot that the box had "Control IP
Forwarding" which we always set. Didn't matter the service was stopped.
Duh, the closer you work with this the easier it is to forget....
Roger
At 03:03 PM 11/05/1999 +0000, Haji, Mohmed wrote:
>
>I am trying to install a firewall. I have successfully installed the licence.
>I have not yet installed a security policy or run the fwputkey command.
>
>We have the following configuration
>
>firewall IP1 ---------- IP2 Building Router IP3 ------------- Internal Network
>
>IP1 = 193.123.204.9
>IP2 = 193.123.204.10
>IP3 = 158.234.70.1
>Internal network = Class B addresses with the Class B address 158.234.0.0
>
>I can ping IP2 from a machine in our internal network. But I can't ping IP1
>(the firewall interface). This suggests to me that the routing table on the
>building router is OK but the routing table on the firewall isn't.
>
>I think that I need to add a static route to the internal network on the
>firewall.
>To this end, I used the following command
>
>route add 158.234.0.0/16 193.123.204.10
>
>Where the Subnet Mask is 16 and 193.123.204.10 is IP3 on the diagram above.
>(The 158.234.0.0 is the network ID of our internal network as explained
>above).
>
>After doing this, I tried pinging the firewall but got the same request
>timed out message. When I checked the routing table using the netstat -nr
>command, I found that the route I added wasn't listed. Is what I tried to do
>correct? What am I doing wrong?
>
>Many thanks for any help offered!
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====