Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] Réf. : [FW-1] Enable/Disable IP forwarding/routing

from ivan [Permanent Link]
Subject: [FW-1] Réf. : [FW-1] Enable/Disable IP forwarding/routing
From: ivan AT CLUB-INTERNET DOT FR
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 2 Jun 2003 18:31:28 +0200 
DO NOT !!

Rule 1 : so that fw1 functions as an in-line gateway, forwarding between
interface shall be activated....

Rule 2 : no 2 os function the same way : disabled by default on nt or
linux it is enabled by default on solaris => an OS problem !!
window nt = > network configuration/services/tcpip/tab ip forwarding
window 2000 => admin tools/routing and remote access/activation or the
hack way hklm/..../IPenableRouter value(1)
linux => echo "1" > proc/sys/net/ipv4/ip_forward
solaris => ndd -set /dev/ip ip_forwarding 1

HTH

Ivan






Olaf Lange <Olaf.Lange AT METAGEN DOT DE>
Envoyé par : Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
02/06/2003 17:52
Veuillez répondre à Mailing list for discussion of Firewall-1


        Pour :  FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
        cc :
        Objet : [FW-1] Enable/Disable IP forwarding/routing

Dear all,

as I found there are some inconsistencies in public literature regarding
to Firewall-1 installations. Perhaps somebody can explain what's right :-)

In  "CCSA Next Generation Check Point Certified Security Administrator
Study Guide" (ISBN 0-07-219420-0 from McGraw-Hillx) he says "In Solaris,
IP forwarding is enabled by default and should be disabled." As well the
  processing of source routed packets should be disabled.

But in Sybex "CCSE NG Check Point Certified Security Expert Study Guide"
the authors writes "....be sure the machines properly route packets
between each network interface. Be sure that IP routing/forwarding is
anabled in your OS and the routing tables are correct."

What's the truth ? I am a little bit irretated :-(

Thx

Olaf

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [FW-1] Réf. : [FW-1] Enable/Disable IP forwarding/routing, ivan <=
Previous by Date:  [FW-1], javier . ferruz
Next by Date:  Re: [FW-1] Secure Client on internal network?, kim reed
Previous by Thread:  [FW-1], javier . ferruz
Next by Thread:  [FW-1] SDL Timeout in XP (Securemote), Lee, Mike
Indexes:  [Date] [Thread] [Top] [All Lists]