Check through either sysctl -a or by viewing /etc/sysctl.conf to see if
you are allowing for the proper kernel module to issue answers to proxy arp
requests. (6.2 configuration, 6.1=/etc/sysconfig/*)
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, May 09, 2001 3:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW1] Linux, VPN and ARP
>
> Hi Mike,
>
> [1]
> Yes, the NAT pool addresses are out of the same segment that the firewall is
> connected to (LAN).
>
> [2]
> Do I get you right? You have it working and using a separate network for the pool
> (gateway for routing is set to the firewall)?
> But how can I do it when I "wish" to use addresses out of my LAN?
> Independent from your above solution the "main" question is: why does my linux
> box not answer to an arp request on the same segment? If I can get this one
> working I'm sure everything else will work...
>
> Regards,
> Marco
>
> "Mike Thomi" <[EMAIL PROTECTED]> on 08.05.2001 23:45:10
>
> To: [EMAIL PROTECTED]
> Cc: (Bcc: Marco Rossi/asap)
>
> Subject: Re: [FW1] Linux, VPN and ARP
>
> Hi
>
> IP NAT Pool:
> ---------------
> Do you use addresses from the same net segment like the firewall has its
> interfaces on?
>
> I have never added any arp entries for my sr clients.....I am using a
> private /24 net for the IP NAT thingy. Important is, that your inside
> servers must know the way back to your virtual "IP NAT Pool"-net (the sr
> entrypoint) and the "IP NAT Pool"-net shouldn't be in the encryption domain.
>
> regards,
> mike
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, May 07, 2001 8:04 PM
> Subject: [FW1] Linux, VPN and ARP
>
> > The task is really easy:
> > Enable FW-1 to accept SecuRemote connections. The firewall (gateway) itself runs
> > on RedHat 7.0 and SecuRemote on W2k.
> > I'm able to connect to the firewall over the internet but it is IMPOSSIBLE to
> > reach resources on the LAN when I use "IP NAT Pool".
> >
> > What my Reseller told me was that for IP NAT-Pool the IP addresses have to be
> > "put" on the internal interface by either "local.arp" for Windows (not in my
> > case) or "arp -s <ip> <mac> -i eth1 pub". But the arp stuff doesn't work out.
> > Though my linux box accepts the command, replies to e.g. a PING from the
> > SecuRemote Client reaches the destination but the answer doesn't come back (I
> > traced it down so I could see that the arp request wasn't answered by the
> > firewall).
> >
> > Can anybody tell me why the linux box doesn't reply on the arp request (FW and
> > Linux box are on the same segment)?
> > Is this a linux thing?
> >
> > The only workaround I found was to "put" the ip addresses on the interface.
> > But what if I need a pool of e.g. 200 addresses - is the linux kernel capable to
> > handle that much on one NIC?
> >
> > Maybe I'm missing something... so I would be glad if anybody could give me a
> > hint.
> >
> > Regards,
> > Marco
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
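
The check suggested at the top of this thread, as an added example that is not part of the original messages: it reads settings in `sysctl -a` / `/etc/sysctl.conf` format and reports whether proxy ARP is effectively on for one interface. It assumes the setting meant is `net.ipv4.conf.<iface>.proxy_arp`; the function names and the sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the relevant key is
# net.ipv4.conf.<iface>.proxy_arp, as printed by `sysctl -a`.

# proxy_arp_value IFACE   (settings on stdin)
# Prints the last value assigned to the key, or "unset" (kernel default
# applies). Comment lines are skipped; later lines win, as they do when
# sysctl.conf is applied top to bottom.
proxy_arp_value() {
    awk -v key="net.ipv4.conf.$1.proxy_arp" '
        /^[ \t]*[#;]/ { next }
        {
            split($0, kv, "=")
            k = kv[1]; v = kv[2]
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# proxy_arp_effective IFACE   (settings on stdin)
# The kernel enables proxy ARP on an interface when either the "all"
# entry or the interface's own entry is 1, so both are checked.
proxy_arp_effective() {
    settings=$(cat)
    all=$(printf '%s\n' "$settings" | proxy_arp_value all)
    own=$(printf '%s\n' "$settings" | proxy_arp_value "$1")
    if [ "$all" = "1" ] || [ "$own" = "1" ]; then
        echo "enabled (all=$all, $1=$own)"
    else
        echo "disabled (all=$all, $1=$own)"
    fi
}

# Constructed sample settings; eth1 is set twice to show last-wins.
sample_settings() {
    cat <<'EOF'
# constructed sample, not taken from the thread
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp = 1
EOF
}

for ifc in eth0 eth1; do
    printf '%s: ' "$ifc"; sample_settings | proxy_arp_effective "$ifc"
done
```

On a live system the same function can be fed with `sysctl -a 2>/dev/null | proxy_arp_effective eth1` or with `/etc/sysctl.conf` on stdin; comparing the two shows whether the running value will survive a reboot.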