Hi Don,
Many thanks for your efforts. Actually, the diagram is like this:
Host(172.16.1.134)----FW(172.16.1.1 & 206.234.243.19)
                      |
                      |
                      |
                      Router
                      (206.234.243.1)
                      |
                      |
                      Internet
I am only trying to do static IP NAT for one host; the rest are all on valid
Internet IPs.
My route print shows:
Active Routes:
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          206.234.243.1    206.234.243.19   1
127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1        1
172.16.0.0           255.255.252.0    172.16.1.1       172.16.1.1       1
172.16.1.1           255.255.255.255  127.0.0.1        127.0.0.1        1
172.16.255.255       255.255.255.255  172.16.1.1       172.16.1.1       1
206.234.243.0        255.255.255.0    206.234.243.19   206.234.243.19   1
206.234.243.19       255.255.255.255  127.0.0.1        127.0.0.1        1
206.234.243.134      255.255.255.255  172.16.1.134     172.16.1.1       1
206.234.243.255      255.255.255.255  206.234.243.19   206.234.243.19   1
224.0.0.0            224.0.0.0        172.16.1.1       172.16.1.1       1
224.0.0.0            224.0.0.0        206.234.243.19   206.234.243.19   1
255.255.255.255      255.255.255.255  172.16.1.1       172.16.1.1       1
I
Kindly Guide,
Thanks,
Puneet
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED]]On Behalf Of Don
Sent: Monday, January 14, 2002 4:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Not able to ping from FW to either way
> I am new to Checkpoint FW, so kindly bear with me and guide me urgently..
> Problem:
>
> 1) I have two ethernet cards on my FW machine. One with Valid Internet IP and
> other LAN IP (192.168.1.1), I have all the real IPs in my network.
>
> ISP------------Router-------Hubs----------------(E0)--FW machine--(E1)------------------------------HUB-----------------192.168.1.134
> | (Valid IP-206.x.y.z,
> (LAN IP-192.168.1.1
> |
> 255.255.255.0) ,255.255.255.0)
> |
> |
> |
> Workstations(with Valid IPs)
>
> I am not able to ping from 192.168.1.1 to 192.168.1.134 and vice
> versa?? Cards are responding to self ping i.e. if I ping 192.168.1.1 or
> 192.168.1.134 from the same
> machine, I get replies from the ethernet cards !!
What is your firewall ruleset? Unless you have explicitly allowed ICMP to
and from the firewall, all such traffic will be dropped.
> 2) I am also not able to ping my router's valid Internet IP from my
> FW's valid Internet IP although I have added the routes. I want to do
> Static NAT, I did all the steps, but when I am not able to ping the two
> machines, I guess NATing won't work.
Your network diagram is, to say the least, confusing.
Does it look something like this:
Host -- Firewall -- Router -- Internet
Host IP: 192.168.1.1.34
Firewall Internal: 192.168.1.1
Firewall External: 206.2.3.2/24 (Just an example)
Router Internal: 206.2.3.1/24 (Just an example)
Router external: a.b.c.d/30
The router should have a default route through its serial interface.
The firewall should have a default route through 206.2.3.1.
The hosts on the internal network should have a default route through
192.168.1.1.
You should be running hide-mode NAT on the firewall for the internal
network.
Unless you have a specific rule on your firewall, you will not be able to
ping to or from the firewall while it is running.
-Don
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
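Added example (not part of the original thread, and not Check Point's own tooling): a Python check of the routing facts this thread relies on, using four rows retyped from the route print output above. It verifies that the default route points at the router and that the static NAT address has a host route to the internal host on the internal interface. The function names are hypothetical, and 198.51.100.1 is a documentation address used only as a stand-in for "somewhere on the Internet".

```python
import ipaddress

# Constructed sample: four rows retyped from the route print output in the
# message above (destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          206.234.243.1   206.234.243.19  1
172.16.0.0       255.255.252.0    172.16.1.1      172.16.1.1      1
206.234.243.0    255.255.255.0    206.234.243.19  206.234.243.19  1
206.234.243.134  255.255.255.255  172.16.1.134    172.16.1.1      1
"""

def parse_routes(text):
    """Turn route print rows into dicts; headers and garbled rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        try:
            routes.append({"net": ipaddress.ip_network(f"{f[0]}/{f[1]}"),
                           "gw": ipaddress.ip_address(f[2]),
                           "iface": ipaddress.ip_address(f[3]),
                           "metric": int(f[4])})
        except ValueError:
            continue
    return routes

def lookup(routes, dst):
    """Longest-prefix match, lowest metric on ties, as the IP stack would pick."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def check_static_nat(routes, public_ip, private_ip, router_ip):
    """Return a list of routing problems; an empty list means none were found."""
    problems = []
    default = lookup(routes, "198.51.100.1")  # matches only the default route
    if default is None or str(default["gw"]) != router_ip:
        problems.append("default route does not point at the router")
    nat = lookup(routes, public_ip)
    if nat is None or nat["net"].prefixlen != 32:
        problems.append(f"no host route for NAT address {public_ip}")
    elif str(nat["gw"]) != private_ip:
        problems.append(f"host route for {public_ip} does not forward to {private_ip}")
    else:
        inside = lookup(routes, private_ip)  # next hop must be on a connected net
        if inside is None or inside["iface"] != nat["iface"]:
            problems.append(f"{private_ip} is not reachable on the route's interface")
    return problems
```

An empty result covers routing only; as Don notes, pings to or from the firewall still need an explicit rule.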