Hi
I have a very strange problem here that I hope someone may have
seen.
One of our customers (with 172.27.0.0-range) needs to communicate
with one of our servers (with an official ip-address).
The customer is connected behind eth3 and our external interface
(where our server is) is eth2.
I can see the traffic on eth3, but nothing comes to eth2.
All routing and anti-spoofing is correct and I get accept in our
logs.
fw monitor output gives:
eth3:i[44]: 172.27.x.x -> x.x.x.x (TCP) len=44 id=769
eth3:I[44]: 172.27.x.x -> x.x.x.x (TCP) len=44 id=769
x.x.x.x is our official ip-address.
I noticed the "Non unique ip address ranges" tab in Global Properties
and deleted the 172.16.0.0 - 172.31.255.255 range, but no luck.
It looks to me that Checkpoint just won't route unofficial ip-addresses
in source out of external interface on the firewall, but I can't seem
to find out why or if it's some kind of other problem. Everything seems
correct to me.
Anyone seen this kind of behavior?
Any thoughts would be helpful as I am stuck now.
Regards,
Torkel
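
Added example, not part of the original post: a small Python parser for fw monitor lines in the format quoted above, reporting how far each packet got through the four inspection points (i pre-inbound, I post-inbound, o pre-outbound, O post-outbound). The function names and the second sample packet (192.0.2.10, id=770) are constructed for illustration.

```python
import re
from collections import defaultdict

# fw monitor inspection points, in the order a forwarded packet crosses them.
ORDER = "iIoO"
POINTS = {"i": "pre-inbound", "I": "post-inbound",
          "o": "pre-outbound", "O": "post-outbound"}

# Matches the line shape quoted in the post: "eth3:i[44]: src -> dst (TCP) len=44 id=769"
LINE_RE = re.compile(
    r"^(?P<ifc>[\w.]+):(?P<pt>[iIoO])\s*\[\d+\]:\s*"
    r"(?P<src>\S+)\s*->\s*(?P<dst>\S+)\s*\((?P<proto>\w+)\)\s*"
    r"len=\d+\s+id=(?P<id>\d+)"
)

# First two lines are the ones from the post; the rest are constructed
# to show a packet that does cross the gateway.
SAMPLE = """\
eth3:i[44]: 172.27.x.x -> x.x.x.x (TCP) len=44 id=769
eth3:I[44]: 172.27.x.x -> x.x.x.x (TCP) len=44 id=769
eth3:i[44]: 172.27.0.10 -> 192.0.2.10 (TCP) len=44 id=770
eth3:I[44]: 172.27.0.10 -> 192.0.2.10 (TCP) len=44 id=770
eth2:o[44]: 172.27.0.10 -> 192.0.2.10 (TCP) len=44 id=770
eth2:O[44]: 172.27.0.10 -> 192.0.2.10 (TCP) len=44 id=770
""".splitlines()

def trace(lines):
    """Group capture lines by (src, dst, IP id); keep (point, interface) in order seen."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            seen[(m["src"], m["dst"], int(m["id"]))].append((m["pt"], m["ifc"]))
    return dict(seen)

def last_point(hops):
    """Return the (point, interface) furthest along the i -> I -> o -> O chain."""
    return max(hops, key=lambda h: ORDER.index(h[0]))

def diagnose(hops):
    """One-line summary of where the packet was last observed."""
    pt, ifc = last_point(hops)
    if pt == "O":
        return f"left the gateway on {ifc}"
    nxt = ORDER[ORDER.index(pt) + 1]
    return f"last seen at {POINTS[pt]} ({pt}) on {ifc}; never reached {POINTS[nxt]} ({nxt})"

if __name__ == "__main__":
    for key, hops in trace(SAMPLE).items():
        print(key, "->", diagnose(hops))
```

For the two lines quoted in the post, the summary is that the packet was last seen at post-inbound on eth3 and never appeared at pre-outbound on any interface.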