I haven't defined eth2 as external. I made an allowance group for eth2. So does it mean that, except for the external interface, all other connections are being checked at all other interfaces, and for the external interface, the connection is only checked once even if it crosses multiple interfaces?
v.r

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Chris McGill
Sent: Tuesday, April 05, 2005 3:31 PM
To: [email protected]
Subject: Re: [FW-1] spoofing question

Do you need to make a spoofing allowance on eth2 for 172.24.200.0, as I assume you have not got it defined as an external interface, and therefore, the filtering applies to anything that passes through the interface? I could be wrong.

Christopher McGill
CCSA, CCNA, MCP

________________________________
From: Mailing list for discussion of Firewall-1 on behalf of Ramdas, Venkata (GE Healthcare, non-ge)
Sent: Tue 05/04/2005 09:41
To: [email protected]
Subject: [FW-1] spoofing question

Hello,

Is spoofing performed for the same source and destination if it crosses multiple interfaces? For example, I have eth1 & eth2 with addressing 192.168.1.1/24 and 192.168.2.1/24 as interfaces and 172.24.200.0, 10.10.10.0/24 as connecting networks.

172.24.200.0/24 --- ------- 192.168.2.0 |--------eth1 ------ eth2-------| 192.168.1.0 ------- -------- 10.10.10.0/24

If I need to allow 172.24.200.x to access 10.10.10.0/24, I allowed 172.24.200.x in eth1 spoofing allowances and 10.10.10.0/24 in eth2 spoofing allowances, and also configured access rules and routes too. Now when somebody is trying from 172.24.200.x to 10.10.10.0/24, the packet is getting accepted at eth1 but getting dropped at eth2. Could anybody throw some light on this? I am using Checkpoint NG AI on IPSO 3.7 build 35.

Thanks,
vr

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
