Thanks a lot, guys... I will try to configure some of the solutions that you gave me.

Regards,

Mateo Cabrera - Technical Support
Security Advisor
IT security solutions
Constituyente 1467 of. 802
Tel/Fax: (598 2) 4004378
11200 Montevideo-Uruguay

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of MAINGUENE, Anthony
Sent: Wednesday, April 28, 2004 5:39
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PROXY ARP, PROBLEM...!!!

Hi all.

The proxy ARP mechanism was not clearly defined in 4.1.

As Shawn said just before, if you need to publish a virtual IP with your firewall, and if that IP does not belong to your internal interface network range, then you MUST define a route (and a NAT rule, if needed) on your Nokia Voyager:

Virtual_IP/32(255.255.255.255)->Real_IP

Then, it will be easy on the other routers (LAN or WAN) to create a route Virtual_IP/32->FW_LAN_IP.
This will permit networks that are not in the same subnet as the firewall to reach that virtual IP.

Note that you can still perform a non-standard proxy ARP (as in 4.1) by editing the /config/active file (at your own risk!)

Regards,

Anthony MAINGUENÉ
Security, Networks and Telecoms Architect
Structis
Bouygues Construction
phone: +33 1 30 60 42 38
fax: +33 1 30 60 23 77

-----Original Message-----
From: Mateo Cabrera - Security Advisor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 23:43
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PROXY ARP, PROBLEM...!!!

NO, you are not understanding me... I'm clear on the ARP concept, and how to configure it.

The problem is when I try to configure an ARP entry with an IP which does not belong to the IP range configured on this interface. This does not work on the NG version. However, the same configuration in 4.1 does work fine....

So long...

Regards,

Mateo Cabrera - Technical Support
Security Advisor
IT security solutions
Constituyente 1467 of. 802
Tel/Fax: (598 2) 4004378
11200 Montevideo-Uruguay

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Shawn Behrens
Sent: Tuesday, April 27, 2004 11:11
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PROXY ARP, PROBLEM...!!!

> I want to create a PROXY ARP entry on an interface (e.g. eth0), but this
> IP belongs to addresses NOT CONNECTED DIRECTLY on this interface.

Yeah, that's, hmm, an odd thing to want to do.

> You understand to me?

Sort of. I know what you wish to do, and I _think_ I know why: You're slightly confused about ARP :).

ARP is used to discover Layer-2 (MAC) addresses. Logically, then, when you think about the way routing works, ARP is necessary ONLY for addresses on the same subnet as the client's address.

Proxy ARP allows the firewall to respond to an ARP request for an address it does not physically have, usually used for NAT addresses that are in the same subnet as the firewall's interface that the NATed traffic comes in on.

If your NAT address is outside the firewall interface's subnet, all that's needed is that the upstream router(s) know to route this traffic to the firewall. Proxy ARPs are not necessary.

Go and study Layer-2/Layer-3 addressing interaction some more. It's an area oft overlooked, as it seems so basic, yet a good understanding will do wonders for the clarity of your network designs.

Regards

Shawn Behrens
Senior Security Engineer
CCMSE CCSE CCNA CNE
INTEGRALIS
Your Trusted Security Partner
111 Founders Plaza
13th Floor
East Hartford, CT 06108
USA
Tel: +1 860 291 0851
Fax: +1 860 291 0847
[EMAIL PROTECTED]
www.integralis.com

> -----Original Message-----
> From: Mateo Cabrera - Security Advisor
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 27, 2004 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] PROXY ARP, PROBLEM...!!!
>
> Regards,
>
> Mateo Cabrera - Technical Support
> Security Advisor
> IT security solutions
> Constituyente 1467 of. 802
> Tel/Fax: (598 2) 4004378
> 11200 Montevideo-Uruguay
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email [EMAIL PROTECTED]
> =================================================
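
The rule discussed in this thread (proxy ARP only when the published address is inside the subnet of the interface the traffic arrives on, host routes otherwise), written out as an added example that is not part of the original messages. The function name and all addresses are assumptions, built from documentation ranges; the two route strings mirror the Virtual_IP/32->Real_IP and Virtual_IP/32->FW_LAN_IP forms given above.

```python
import ipaddress

def plan_published_ip(fw_interface, virtual_ip, real_ip):
    """Return how hosts on fw_interface's segment reach virtual_ip.

    fw_interface: firewall address on the arrival segment, "addr/prefix".
    virtual_ip:   published (NAT) address.
    real_ip:      server behind the firewall that the address maps to.
    """
    iface = ipaddress.ip_interface(fw_interface)
    vip = ipaddress.ip_address(virtual_ip)
    real = ipaddress.ip_address(real_ip)
    net = iface.network

    if vip in net:
        if vip == iface.ip:
            return {"action": "none", "why": "address is the firewall's own"}
        if net.prefixlen < 31 and vip in (net.network_address,
                                          net.broadcast_address):
            return {"action": "invalid", "why": f"not a host address in {net}"}
        # On-link: neighbours ARP for the address, so the firewall must
        # answer with its own MAC on this interface.
        return {"action": "proxy_arp", "why": f"{vip} is on-link in {net}"}

    # Off-link: no neighbour will ever ARP for it, so a proxy ARP entry
    # is never consulted. Reachability comes from host routes instead.
    return {
        "action": "route",
        "why": f"{vip} is outside {net}",
        "firewall_route": f"{vip}/32 -> {real}",       # on the firewall
        "neighbour_route": f"{vip}/32 -> {iface.ip}",  # on other routers
    }

# Constructed sample: firewall at 192.0.2.1/24, server at 10.0.0.10.
SAMPLE = [
    ("192.0.2.50", "10.0.0.10"),    # inside the interface subnet
    ("198.51.100.7", "10.0.0.10"),  # outside it (the case in this thread)
    ("192.0.2.255", "10.0.0.10"),   # broadcast address, not publishable
]

if __name__ == "__main__":
    for vip, real in SAMPLE:
        print(vip, plan_published_ip("192.0.2.1/24", vip, real))
```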
