Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] Route issue ... newbie alert ... update ... red herring

from MARTIN, SAM [Permanent Link]
Subject: [FW-1] Route issue ... newbie alert ... update ... red herring
From: "MARTIN, SAM" <smartin AT C-SPAN DOT ORG>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 21 Feb 2006 15:23:36 -0500 
All:
Thanks for the replies. Looking a bit further,  I find I likely don't have a 
Checkpoint NG issue after all. As I said, traffic is going out the proper 
interface. There's a downstream router I have an eye on.
thanks and rgds
S

From: 
<http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-4870-a83e-8032637a87c81033.mspx>
 
"When an IP datagram is sent from a multihomed host, it is passed to the 
interface with the best apparent route to the destination. Accordingly, the 
datagram may contain the source IP address of one interface in the multihomed 
host, yet be placed on the media by a different interface. The source MAC 
address on the frame is that of the interface that actually transmitted the 
frame to the media, and the source IP address is the one that the sending 
application sourced it from, not necessarily one of the IP addresses assigned 
to the sending interface."

______________
A closer look at the Ethereal capture file reveals that echo requests are going 
out on the proper (private) interface, but with the source ip of the public 
interface.
curiouser an curiouser
S

All:
... maybe a mispost to the checkpoint list, .... Idunno  ...
Checkpoint FW1 v4 (192.168.1.1) won't forward packets to an internal network, 
172.16.21.0
route add 172.16.21.0 mask 255.255.255.0 192.168.1.100
the gw of choice ( 192.168.1.100) is an hp9308m switch, altho' I don';t see an 
issue here, since Ethereal shows 'ping 172.16.21.63' going out the public 
interface of the  checkpoint box. Other routes on checkpoint to internal 
networks work fine.
route add 172.16.21.0 mask 255.255.255.0 192.168.1.100 works fine on my PC, 
192.168.1.222
Maybe this has nothing to do with checkpoint at all, any suggestions welcome
atb
S



Notice: This email was scanned by the C-SPAN InoculateIT AntiVirus Engine and 
is virus free.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [FW-1] Route issue ... newbie alert ... update ... red herring, MARTIN, SAM <=
Previous by Date:  [FW-1] Securemote encrypt_db, Christian Franke
Next by Date:  Re: [FW-1] ISA Firewall Question, Hawkins, Michael
Previous by Thread:  [FW-1] Securemote encrypt_db, Christian Franke
Next by Thread:  [FW-1] HFA's, Alvaro Gastambide
Indexes:  [Date] [Thread] [Top] [All Lists]