Hi Alan,
I'm certainly not conversant with SPLAT, however I'm not sure why you need
to add another interface at all. If your ISP is routing all of the new
subnet's traffic to your current external interface, it already sees it. I
would think that all you would need to do is add proxy ARP entries for each
of the new IP addresses and set them all to the MAC address of the real
external interface.
I've got an entire Class B, yet the external interface is subnetted as Class
C. I can use any of the Class B addresses simply by adding proxy ARP entries
for them.
Ray
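
An added example (not part of Ray's message or of any Check Point tooling) of the approach he describes: one published ARP entry per new address, each answering with the external interface's MAC. It assumes a net-tools style `arp -s <ip> <mac> pub` command; the 192.0.2 prefix and the MAC are constructed placeholders, and the script only prints the commands for review rather than running them.

```shell
#!/bin/sh
# Added example: emit static published (proxy) ARP entries for a block of
# addresses, all answering with the external interface's MAC.
# The prefix, host range and MAC used below are constructed placeholders.

# is_mac MAC -> exit 0 if MAC is six colon-separated hex octets
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# proxy_arp_cmds PREFIX FIRST LAST MAC
# Prints one "arp -s IP MAC pub" line per address; executes nothing itself.
proxy_arp_cmds() {
    prefix=$1
    first=$2
    last=$3
    mac=$4
    is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    # Host octets must be numeric, within 1..254, and in ascending order
    case "$first$last" in
        *[!0-9]*|'') echo "bad range" >&2; return 1 ;;
    esac
    [ "$first" -ge 1 ] && [ "$last" -le 254 ] && [ "$first" -le "$last" ] ||
        { echo "bad range: $first-$last" >&2; return 1; }
    i=$first
    while [ "$i" -le "$last" ]; do
        echo "arp -s $prefix.$i $mac pub"
        i=$((i + 1))
    done
}

# Constructed sample: the thread's .2-.30 host range on a documentation prefix
proxy_arp_cmds 192.0.2 2 30 00:11:22:33:44:55
```
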
From: Alan Choyna <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Addition of new external IP range to R55
Date: Wed, 16 Aug 2006 21:18:10 -0500
"eth1" is already defined in my firewall object. I'm trying to add a 2nd IP
range to it.
When I try to add the eth1:1 interface to the Topology tab of the FW
object, I get back the message that the interface cannot have a colon in
it.
Is that what you were referring to?
Interesting thing is that I am seeing traffic coming into IP's xx.xxx.xx.2
& xx.xxx.xx.30, but not for any IP in between. Does that indicate anything?
Alan
At 06:44 PM 8/16/2006, Lino Eduardo Avila Rodríguez wrote:
Do you have the right topology?
Create an external interface.
Best regards
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
Choyna
Sent: Wednesday, August 16, 2006 02:28 p.m.
To: [email protected]
Subject: [FW-1] Addition of new external IP range to R55
We have a stand alone gateway/management server that is running R55 HFA16.
We have received a new allocation of IP addresses to use as we had run out
of our initial (stingy) block. The new range is in a totally different
block of IP's.
I went to the web GUI and under the "network connections" tab, added a
secondary IP object (called eth1:1) with an IP address of
xx.xxx.xx.2 and a netmask of 255.255.255.224 (we have the range
xx.xxx.xx.2 - 30).
I then went to the "routing table" tab and added the route with a
destination of xx.xxx.xx.0, netmask of 255.255.255.224, a gateway of
0.0.0.0, and it did attach to the correct interface (eth1).
We then created a host object (and allocated the internal and external
IP's (using the NAT tab to map to the static external IP), and then created a
rule (with logging on) to test it with.
The tests from outside do not work, and an "arp -d" on the firewall does
not show the new IP range.
What have we missed? Or what have we not done correctly?
Thanks in advance,
Alan
Alan C. Choyna
Director of Infrastructure
Pathfinder Associates, LLC
http://www.pathfinderassoc.com
Internet Strategy Business Consultants
Business telephone (312) 372-1058 ext 6003. Mobile (773) 255-6662
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email
[EMAIL PROTECTED]
=================================================