Hi. Had to do it. The firewall is not the default gateway for the LAN
and I don't have control over the default gateway (another router). So
to make things easier I decided it was best to have the firewall
answer the IP address and use NAT.

Here is the deal:

My LAN is 192.168.2.0, DMZ is 10.1.2.0.
Firewall LAN IP is 192.168.2.190 at interface eth-s1p2c0 and DMZ is
10.1.2.10 at interface eth3c0.
Moved the router in question from the LAN address 192.168.2.95 to DMZ
address 10.1.2.7.

It was working OK for my LAN, but the default gateway 192.168.2.1
wouldn't do ARP to get the new MAC address, then I decided to
roll back.

Problem is... when I do netstat -r the firewall shows the router IP as
192.168.2.95 with the correct MAC address but at eth3c0 interface,
like it was in the DMZ.

This means that my LAN and the default gateway (which leads to a WAN)
can access this router no problem, but whatever is "routed" thru my
firewall won't work. Even the firewall itself can't ping the
192.168.2.95 IP.

Any suggestions? Should I do a route flush or restart the firewall?

Thanks.


On Wed, 1 Dec 2004 21:13:56 +1100, heinz zerbes <[EMAIL PROTECTED]> wrote:
> Sounds like you have screwed it up royally...
>
> Why did you use NAT if you just move the router to a different IF
> instead of swapping the IPs?
>
> Send some
>
> # ifconfig -a ; netstat -nr ; arp -an
>
> output and we might be able to help.
>
> Cheers,
> heinz
>
>
>
>
> On Wed, 2004-12-01 at 00:38, Joao Santos wrote:
> > Hi all.
> >
> > I have an ip380 running ipso 3.5.1 showing a strange behavior... I
> > moved a router from one interface on the ip380 to the other and did
> > NAT to the original IP. Due to some other stuff I have to rollback the
> > configuration. Removed the proxy arp and the NAT rule, but now I can't
> > ping this IP from the firewall. I checked the arp table and it shows
> > the correct mac address for the router. I then tried netstat -r and
> > there it shows the IP address, the correct MAC but on the wrong
> > interface. It didn't move back to the original interface. I tried to
> > route delete the entry to no avail. Reapplied the routing
> > configuration on voyager but NOTHING works. Can anyone help me with
> > that??
> >
> > Thanks a lot!
> >
> > João.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
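
The symptom in this thread (a host entry for 192.168.2.95 bound to the DMZ interface eth3c0 after the rollback) can be checked mechanically by comparing each host route's interface with the interface that owns its subnet. This is an added example, not part of the thread or output from the poster's ip380: the /24 masks, the BSD-style `netstat -nr` column layout, and the MAC addresses are assumptions constructed for illustration.

```python
import ipaddress

# Interface addresses from the post; the /24 masks are an assumption (none are given).
INTERFACES = {
    "eth-s1p2c0": ipaddress.ip_interface("192.168.2.190/24"),  # LAN
    "eth3c0": ipaddress.ip_interface("10.1.2.10/24"),          # DMZ
}

# Constructed sample in an assumed BSD-style `netstat -nr` layout.
SAMPLE = """\
Destination        Gateway            Flags  Netif
default            192.168.2.1        UGS    eth-s1p2c0
10.1.2.0/24        link#3             UC     eth3c0
192.168.2.0/24     link#2             UC     eth-s1p2c0
192.168.2.95       02:00:00:00:00:01  UHL    eth3c0
192.168.2.1        02:00:00:00:00:02  UHL    eth-s1p2c0
"""

def parse_routes(text):
    """Yield (destination, flags, netif) for each data row of the table."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a 4-column row
        yield fields[0], fields[2], fields[3]

def expected_interface(addr):
    """Name of the interface whose connected subnet contains addr, else None."""
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name
    return None

def misbound_host_routes(text):
    """Host routes (flag H) bound to an interface that does not own their subnet."""
    findings = []
    for dest, flags, netif in parse_routes(text):
        if "H" not in flags:
            continue  # only host entries, as in the 192.168.2.95 case
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            continue  # "default" or a prefix, not a single host
        want = expected_interface(addr)
        if want is not None and want != netif:
            findings.append((dest, netif, want))
    return findings

if __name__ == "__main__":
    for dest, have, want in misbound_host_routes(SAMPLE):
        print(f"{dest}: bound to {have}, but its subnet is connected on {want}")
```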
