Good, I think so too. And the DMZ servers have to be configured with the correct default route. (Perhaps the default route IP is the firewall's IP.)

H.C Park

----- Original Message -----
From: "Hal Dorsman" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, March 16, 2005 11:38 PM
Subject: Re: [FW-1] DMZ Configuration

> Do you have the route for your DMZ network in your external
> router? Can you see log entries in your FW when you try to
> access the DMZ from the Internet? Do some traceroutes and
> see where your packets are stopping.
>
> Hal
>
> > -----Original Message-----
> > From: P.V.Sankar [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 16, 2005 2:36 AM
> > To: [email protected]
> > Subject: [FW-1] DMZ Configuration
> >
> > Hello,
> > I am new to this mailing list. I have been trying and trying
> > on this problem for the past two weeks, but in vain. Finally
> > I decided that a mailing list is the best place to get proper
> > information. First, I will explain my setup. Our Checkpoint
> > Firewall NG is running on Solaris 8 with three NICs: the 1st one
> > facing the internet, the 2nd one to our DMZ area and the 3rd one to
> > our local LAN. We have two sets of public addresses: one set
> > of addresses is assigned to the firewall external interface and
> > router interfaces, and the second set is assigned to the DMZ
> > interface and DMZ servers like DNS, SMTP etc. The third set is
> > private addresses assigned to our local LAN. The DMZ is not
> > configured; we just assigned the IP addresses. From our local
> > LAN to the internet everything is working properly. But if I try
> > to access the internet from our DMZ area, nothing is working. In
> > my firewall rulebase, for testing I have set service type as
> > Any, Source as my DNS system and Destination as Any. One more
> > rule is Source Any, Destination my DNS and service Any. In
> > the routing table, proper entries are also there to route from
> > the different areas.
> >
> > [Diagram: External Router; firewall interfaces hme2[internal], hme0[external], hme1[dmz]]
> >
> > hme0 External interface IP Address: xxx.xxx.x1.yyy mask 255.255.255.0 [public IP Address]
> > hme1 DMZ interface IP Address: xxx.xxx.x2.yyy mask 255.255.255.240 [public IP Address]
> > hme2 Internal interface IP Address: Private IP Address
> >
> > I can communicate from the DMZ to my local LAN. But from the DMZ I am
> > not able to communicate to the internet. First of all, I would
> > like to know whether our design concept of using two sets of
> > public addresses is proper. If it is proper, what else should
> > I check so that I can make my setup work? Any help is
> > greatly appreciated.
> >
> > Thanks and regards,
> > Sankar
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
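
The two routing checks raised in this thread (a route for the DMZ network on the external router, and a default route on the DMZ servers pointing at the firewall), modeled as an added example that is not part of the original messages. The addresses are constructed documentation-range stand-ins for the masked ones, the node names and the `site`/`trace` helpers are hypothetical, and firewall rules and NAT are not modeled.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the thread.
DMZ_NET, EXT_NET, LAN_NET = "198.51.100.0/28", "192.0.2.0/24", "10.0.0.0/24"
DMZ_HOST, INTERNET_HOST = "198.51.100.5", "203.0.113.9"

def lookup(table, dst):
    """Longest-prefix match: return 'connected', a next-hop node name, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table.items()
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(topology, start, dst, max_hops=8):
    """Follow next hops from `start`, like a traceroute; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        if node not in topology:          # packet has left the modeled site
            return path, "sent upstream"
        hop = lookup(topology[node], dst)
        if hop is None:
            return path, "no route at " + node
        if hop == "connected":            # destination is on a directly attached net
            return path, "delivered"
        path.append(hop)
        node = hop
    return path, "routing loop"

def site(router_knows_dmz=True, dmz_default=True):
    """Routing tables for the thread's layout: DMZ host, firewall, external router."""
    dmz_host = {DMZ_NET: "connected"}
    if dmz_default:
        dmz_host["0.0.0.0/0"] = "firewall"    # default route = firewall's hme1 address
    router = {EXT_NET: "connected", "0.0.0.0/0": "isp"}
    if router_knows_dmz:
        router[DMZ_NET] = "firewall"          # static route to DMZ via firewall's hme0
    firewall = {EXT_NET: "connected", DMZ_NET: "connected",
                LAN_NET: "connected", "0.0.0.0/0": "router"}
    return {"dmz-host": dmz_host, "firewall": firewall, "router": router}

if __name__ == "__main__":
    for label, topo in [("correct", site()),
                        ("router lacks DMZ route", site(router_knows_dmz=False)),
                        ("DMZ host lacks default route", site(dmz_default=False))]:
        print(label, "| out:", trace(topo, "dmz-host", INTERNET_HOST),
              "| reply:", trace(topo, "router", DMZ_HOST))
```

With the router's DMZ route missing, outbound packets still leave the site, but replies addressed to the DMZ follow the router's default route back upstream instead of reaching the firewall.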
