Damo, - Do you see any trafic if you generate some ON the firewall? - "fw ctl iflist" - Does this command show all interfaces correctly?
Lars > -----Original Message----- > From: Damien Hart [mailto:damien.hart@;CANBERRATIMES.COM.AU] > Sent: Wednesday, October 23, 2002 06:24 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] NAT rules not working under FP3 - further info > > > More info to add to the confusion... > > Telnet doesn't work either. A sniff outside the firewall > does not see ANY > traffic from the firewall at all. Trying the same tests with > a rulebase > with a single "any any any accept" rule is no different so it > doesn't appear > to be related to the rules either. It seems like it should > be a routing > issue but I can't see how it can be... > > Help please..... > > Damo > > > > Hi again all, > > > > After completely rebuilding my SecurePlatform FP3 and > rulebase to fix my > > authentication problems (it DID fix them by the way) I have > just gone to > > test traffic directly passing through the firewall and it > appears to not > be > > working if there is a NAT involved. > > > > For web browsing I access a proxy server on my DMZ without > NAT and it > > accesses the Internet without a NAT. This works fine. But > when I try FTP > > or NNTP to a host directly I see the entry in the log accepting the > > connection, but the applications come back saying > connection failed. Just > > like Mayooran I see the correct TX address in the log as > well (my two > > seperate internal networks are both hiding behind the > firewalls external > > address) but nothing further. Strangely, a traceroute > through the firewall > > works as it should... > > > > I am fairly sure I have this setup exactly as I did in FP2 > and it worked > > fine there so is there something extra in FP3 that I need > to do? I would > be > > sooo happy to get everything to work on this platform at one > time........... > > > > Routes are correct including default route on the firewall > (otherwise the > > web proxy wouldn't work either) and antispoofing is setup > correctly with > the > > groups of networks on each interface assigned to that > interface and the > > external interface set to "external". The access list on > the external > > router is not to blame either as I have tested with it removed. > > > > Does anyone have any ideas of other things I can check? It > seems to be a > > most peculiar problem. > > > > thanks in advance, > > > > Damien > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
