The firewall is doing redirects: [EMAIL PROTECTED] root]# ping 192.168.1.32 PING 192.168.1.32 (192.168.1.32) 56(84) bytes of data. >From 192.168.10.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.10.2) 64 bytes from 192.168.1.32: icmp_seq=1 ttl=126 time=17.4 ms 64 bytes from 192.168.1.32: icmp_seq=2 ttl=126 time=17.0 ms 64 bytes from 192.168.1.32: icmp_seq=3 ttl=126 time=17.8 ms 64 bytes from 192.168.1.32: icmp_seq=4 ttl=126 time=16.8 ms 64 bytes from 192.168.1.32: icmp_seq=5 ttl=126 time=17.1 ms 64 bytes from 192.168.1.32: icmp_seq=6 ttl=126 time=18.3 ms 64 bytes from 192.168.1.32: icmp_seq=7 ttl=126 time=18.0 ms 64 bytes from 192.168.1.32: icmp_seq=8 ttl=126 time=18.1 ms 64 bytes from 192.168.1.32: icmp_seq=9 ttl=126 time=18.1 ms
--- 192.168.10.32 ping statistics --- 9 packets transmitted, 9 received, 0% packet loss, time 8078ms rtt min/avg/max/mdev = 16.845/17.677/18.319/0.544 ms But somehow these redirects don't work correctly coming back from 192.168.1.X unless the 192.168.1.X host is previously pinged. When the 192.168.10.X host has static routes, traffic from 192.168.1.X works fine. Chris -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ross Bushby Sent: Tuesday, November 11, 2003 12:06 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] adding routes with secureplatform ai Good point, is there no way you can fire up ethereal or another sniffer and actually see if the ICMP redirects are being issued or indeed arp's etc. Regards, Ross. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
