[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] fwd is not running but everything works fine - why?
On Tue, 12 Oct 1999, Ali, Mohammad wrote:
> The script moves the logfiles to oldlog files and restarts the "fwd"
> daemon. Yesterday, when the script ran
> it failed to start the daemon. The strange thing is, everything is
> working fine - all the traffic is passing with
> xlation. Could some one explain why - I thought fwd is the process
> that is responsible for firewalling.
You have discovered one of the greatest misconsceptions of FW-1. The
firewall daemon fwd does not do any firewall filtering or address
translation. All of that is done by the kernel module. So, when you
killed the fwd, inspection sill happened. This is one of the biggest
things I stressed as SANS last week.
However, the firewall daemon does control logging, security servers,
alertd, and encryption. So, when you lose the firewall daemon, you
lose these capabilities. For more info about this, check out
my FW-1 Troubleshooting paper at
http://www.enteract.com/~lspitz/tips.html
Hope that helps ...
Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================