Do you have the route for your DMZ network in your external
router?  Can you see log entries in your FW when you try to
access the DMZ from the Internet?  Do some traceroutes and
see where your packets are stopping.

Hal

> -----Original Message-----
> From: P.V.Sankar [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 16, 2005 2:36 AM
> To: [email protected]
> Subject: [FW-1] DMZ Configuration
>
>
> Hello,
> I am new to this mailing list. I have been trying and trying
> on this problem for the past two weeks, but in vain. Finally
> I decided that mailing lists are the best place to get proper
> information. First I will explain my setup. Our Checkpoint
> Firewall NG is running on Solaris 8 with three NICs: the 1st one
> facing the Internet, the 2nd one to our DMZ area and the 3rd one to
> our local LAN. We have two sets of public addresses: one set
> of addresses is assigned to the firewall external interface and
> router interfaces, and the second set is assigned to the DMZ
> interface and DMZ servers like DNS, SMTP etc. A third set is
> private addresses assigned to our local LAN. The DMZ is not
> configured; we just assigned the IP addresses. From our local
> LAN to the Internet everything is working properly. But if I try
> to access the Internet from our DMZ area nothing is working. In
> my firewall rulebase, for testing I have set service type as
> Any, Source as my DNS system and Destination as Any. One more
> rule is Source Any, Destination my DNS and service Any. In
> the routing table also, proper entries are there to route from
> different areas.
>
>
>
>                         -------------
>                         |           |
>                         |           |                     External
>                         |           |                     Router
>          hme2[internal] |           | hme0[external]  |---------------|
>  -----------------------|           |-----------------|               |
>                         |           |                 |---------------|
>                         |           |
>                         -------------
>                               |
>                               |
>                               |
>                           hme1[dmz]
>
> hme0 External interface IP Address: xxx.xxx.x1.yyy mask 255.255.255.0 [public IP Address]
> hme1 DMZ interface IP Address: xxx.xxx.x2.yyy mask 255.255.255.240 [public IP Address]
> hme2 Internal interface IP Address: Private IP Address
>
> I can communicate from the DMZ to my local LAN. But from the DMZ I am
> not able to communicate to the Internet. First of all I would
> like to know whether our design concept of using two sets of
> public addresses is proper. If it is proper, what else should
> I check so that I can get my setup working? Any help is
> greatly appreciated.
>
>
> Thanks and regards,
> Sankar
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
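
The first question in the reply (does the external router have a route for the DMZ network?) can be checked offline against a copy of the router's routing table. The following is an added example, not part of the original thread: it performs a longest-prefix-match lookup for every DMZ host and reports where the router would send reply traffic. All addresses are constructed from documentation ranges (the thread masks the real ones), and the function names are hypothetical.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns the next-hop string or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def check_return_path(router_routes, dmz_net, fw_external_ip):
    """Map each DMZ host to a verdict on where the router sends its replies."""
    verdicts = {}
    for host in ipaddress.ip_network(dmz_net).hosts():
        hop = lookup(router_routes, host)
        if hop == fw_external_ip:
            verdicts[str(host)] = "ok"
        elif hop is None:
            verdicts[str(host)] = "no route"
        else:
            verdicts[str(host)] = f"misrouted via {hop}"
    return verdicts

# Constructed sample data (documentation ranges, not the poster's addresses).
FW_HME0 = "192.0.2.2"        # assumed firewall external interface (hme0)
DMZ_NET = "198.51.100.0/28"  # assumed second public block behind hme1
# External router before the fix: only its connected segment and a default route.
ROUTER_BEFORE = [("192.0.2.0/24", "connected"), ("0.0.0.0/0", "203.0.113.1")]
# After the fix: a static route for the DMZ block via the firewall.
ROUTER_AFTER = ROUTER_BEFORE + [(DMZ_NET, FW_HME0)]

if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        result = check_return_path(table, DMZ_NET, FW_HME0)
        bad = sorted({v for v in result.values() if v != "ok"})
        print(name, "all ok" if not bad else f"problems: {bad}")
```

In the "before" table the DMZ block only matches the default route, so replies to DMZ hosts are handed back upstream and never reach the firewall, which is consistent with outbound packets leaving but nothing coming back.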
