Hello. Oh-ha. If I had checked the HCL more closely, I would have saved much time.
I used two unsupported network interfaces. CheckPoint detects these network interfaces during the installation and it seems they work, but only with ICMP and not for other protocols. Hm?? OK.

For anybody who has the same problem with pppoe, here is my solution (R71.10).

- remove all IP addresses from the interface where pppoe will run
- create a pppoe interface and assign it to the physical network interface
- make an Import Interfaces with Topology (only the LAN interface will be imported)
- create a host object with the public IP address for NAT
- create firewall and nat rules as you need
- install policy

Best regards
Olaf

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of pkc_mls
Sent: Monday, 11 October 2010 14:58
To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] trouble whith DSL setup (pppoe) on SPLAT (open server)

On 10/11/2010 1:51 PM, Bachmann, Olaf wrote:
> Hello.
>
Hi,

> PPPoE interface was created and ifconfig shows the following information:
>
> pppoe0    Link encap:Point-to-Point Protocol
>
>           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
>           RX packets:138 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>           RX bytes:46067 (44.9 Kb) TX bytes:1966 (1.9 Kb)
>
You should mask your real IP addresses or replace them with fake ones. Keep in mind the mailing list is archived.

> I removed the "virtual IP address" [192.168.1.1] I had assigned to the network
> interface eth0 (used for pppoe). Then I made an update topology to remove eth0
> with its IP, created the pppoe0 interface manually and inserted the public IP
> which will be assigned by pppoe dialn.
>
> I created a network object for the public IP and a manual NAT rule with this
> to hide all outgoing traffic behind this IP.
>
> The strange thing is, ICMP works well (request, reply and I see translated
> packages with iIoO) but dns (name resolution) doesn't work. I can't see
> translated outgoing packages (O) in the capture file I made with 'fw monitor
> -iIoO -o capture-file.cap'.
>
Check with "fw ctl zdebug drop" why the traffic is dropped. Check in the tracker if your filtering and nat rules are correctly applied.

> Best regards
> Olaf
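The advice in the thread to mask real IP addresses before posting to an archived list, sketched as an added example that is not part of the original messages: it rewrites every globally routable IPv4 address in pasted diagnostics to a stable RFC 5737 documentation address, so NAT flows stay readable. The function name and the sample output (including its addresses) are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each is validated with ipaddress before use.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# RFC 5737 documentation ranges, reserved for examples and never routed.
DOC_NETS = ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")

# Constructed sample (not from the thread): ifconfig-style lines plus a NAT note.
SAMPLE = """\
pppoe0    Link encap:Point-to-Point Protocol
          inet addr:1.2.3.4  P-t-P:1.2.3.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
eth1      inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
nat: 192.168.1.10 -> 1.2.3.4
"""


def mask_public_ips(text):
    """Return (masked_text, mapping). Every distinct globally routable IPv4
    address gets one stable documentation address, so the same host is
    recognisable throughout. Private addresses, netmasks and broadcast
    addresses are left alone because they are needed for troubleshooting."""
    mapping = {}
    pool = (h for n in DOC_NETS for h in ipaddress.ip_network(n).hosts())

    def repl(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw              # not a valid address, e.g. 999.1.1.1
        if not addr.is_global:
            return raw              # RFC 1918, loopback, netmask, ...
        if raw not in mapping:
            mapping[raw] = str(next(pool))
        return mapping[raw]

    return IPV4_RE.sub(repl, text), mapping


if __name__ == "__main__":
    masked, mapping = mask_public_ips(SAMPLE)
    print(masked)
    print("keep this mapping private:", mapping)
```

The returned mapping stays with the poster, so replies that quote the masked addresses can be translated back locally.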
