Hello,
I currently have a situation I just can't find the solution for.
This is an R65 SPLAT firewall module. Due to a special situation, my
customer requires that particular traffic originating from address A and
destined to address B, that arrives on the external interface of the fw,
be translated to source IP C and destination IP D.
Basically we have a manual NAT rule that NATs both source and destination
and this used to work with an old firewall they had.
What I did was install the new fw module on a new machine, copy IPs, routes,
and local.arp file (required because of the manual NAT rules, and of course
using the proper MAC addresses). Finally I created a new firewall module
object in the Dashboard and replaced the old fw object with this one
(because the hostname changed).
When we attempt a connection that requires the manual NAT mentioned above,
the SV Tracker shows the connection as allowed but the client never gets a
successful connection (it is SSH to an internal server). A tcpdump on the
internal interface shows traffic in both directions, but with the same on the
external interface I only see inbound traffic. This all means the connection
is initiated by the client, the server receives it and replies but the
firewall is not passing that reply back to the external client.
This is typical of a routing issue, where the firewall does not have the
required route to send packets back to the source of the initial connection,
but the external client resides in the same network segment as the external
interface, so there is no real need for a route.
Does anybody have any ideas of what is going on here?? I spent around 3-4
hours today struggling with this and will have to go back tomorrow morning
to try to figure it out.
Any help will be greatly appreciated.
Regards
--
Sergio Alvarez
(506)8301342