On 5 Nov 99, at 9:25, [EMAIL PROTECTED] wrote:

> I am trying to install some Watchguard Firebox II systems on internal
> networks and am running into major problems.  I am using the trusted and
> external interfaces and am using RFC1918 addresses on both sides (all
*> 10.0.0.0 addresses).  I have removed all blocked subnets and ports.  I have
> enabled just about every service in an Any to Any fashion for ingoing and
> outgoing.  When the thing is installed I can reach it from my side (on the
> external network) and users in the 'trusted' network can ping the trusted
> interface and that's all.  They cannot transit the firewall in any fashion
> with any protocol.
> 
> I keep seeing a Deny statement in the log that says eth0 is denying traffic
> from the external gateway router (which is configured in the Firebox as the
> external gateway).
> 
> Any ideas?

  See the "*" above.

  10.x.x.x is a Class A network address -- default mask is 255.0.0.0. 
 Using 10.x.x.x on both sides of the firewall is probably taken to 
mean that the trusted and untrusted networks are the *SAME* network; 
packets from your internal machines see no reason to try to traverse 
the firewall to reach untrusted addresses.
  Try using different network addresses for the trusted and untrusted 
networks....

David G


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
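The addressing problem described in the reply above, as an added example that is not part of the original thread: a host only sends traffic to its gateway when the destination falls outside its own interface network, so with 10.x.x.x and mask 255.0.0.0 on both sides the trusted hosts treat external addresses as on-link. All addresses, the `BROKEN`/`FIXED` layouts and the function names are constructed for illustration.

```python
import ipaddress

def next_hop(host_if, dest, gateway):
    """Decide how a host delivers a packet to dest.

    Returns "on-link" when dest is inside the host's own interface network
    (the host ARPs for dest directly and never hands the packet to the
    firewall), otherwise returns the gateway address it forwards to.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"
    return gateway

def overlapping_interfaces(interfaces):
    """Return sorted pairs of interface names whose networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

# Constructed firewall interface layouts (not taken from the thread).
# BROKEN: both sides in 10.0.0.0 with the default mask 255.0.0.0.
BROKEN = {"trusted": "10.1.1.1/8", "external": "10.2.2.1/8"}
# FIXED: a different network address on the trusted side.
FIXED = {"trusted": "172.16.1.1/16", "external": "10.2.2.1/8"}

if __name__ == "__main__":
    for label, layout in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "overlaps:", overlapping_interfaces(layout))
    # Trusted host trying to reach an external host at 10.2.2.99.
    print("broken host ->", next_hop("10.1.1.50/8", "10.2.2.99", "10.1.1.1"))
    print("fixed host  ->", next_hop("172.16.1.50/16", "10.2.2.99", "172.16.1.1"))
```

Running the overlap check against a planned interface layout before deployment catches this class of misconfiguration without needing to read the firewall's deny log.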
