You probably did this already, but just in case...
The rule of thumb setting up a CP box is to first make sure routing works
between all the subnets before installing the Firewall. That way, if things
don't work as expected, you can troubleshoot on a networking level without
having to worry that the Firewall is causing problems.
How 'bout trying a rule set that allows any-any-any to test the routing? If it
works, then it's your other ruleset that's causing the problem.
On a slightly different issue, why not go with SecurePlatform if you want a
'nix based server? That way you don't have to worry about hardening the server.
>>> ldove AT BIZLA.RR DOT COM 08/31/04 09:32AM >>>
Hello,
I am setting up to migrate my installation to a Red Hat Linux v9.0 platform.
I was able to install everything as expected, the OS, FW-1/VPN-1, etc. I was
able to connect to the FW with the GUI application, set up a subset of rules
to test with, etc. The configuration of the machine is 3 network
interfaces. My external WAN interface, and 2 internal, 1 LAN, 1 DMZ. I am
attempting to connect a device in the DMZ to start with to test. I was able
to successfully ping the PC to the FW itself, but can't ping from the PC to
the FW, or anything past it. From the FW, I can access everything as
expected out to the internet, and anything connected to either the LAN or
DMZ interfaces. Below is the route output from the Linux box. I've x'ed
out the WAN interface IP for obvious reasons, but I'm not sure what the
problem is. In comparison to my previous setup, a Nokia IP380, it appears
to be configured the same. With the Nokia, I didn't have to do any static
route configuration like it appears I have to do on the Red Hat box. Can
someone confirm this, or point me in the right direction?
[root@wp-bpsfw bin]# route -nv
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
x.x.x.0 0.0.0.0 255.255.255.192 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 x.x.x.1 0.0.0.0 UG 0 0 0 eth0
[root@wp-bpsfw bin]#
x.x.x.0 is the subnet of my WAN interface, and x.x.x.1 is the eth0 IP
address.
Thanks!
--------
Beep! Beep!
Lyle Dove
BPS Senior Technician
Time Warner Cable - Los Angeles Division
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================