routing will need to be enabled. Enable IP forwarding.
Enabling default gateways on more than one interface on NT is a "feature"
but will get you nowhere. Don't do it.
The only other big difference is that NT still has not figured out proxy
arping. You will need to create a local.arp at
$fwdir/state/local.arp
The file needs to have the following:
<external IP address you are natting> <Mac address of fw-1 NIC facing the
internet router>
Thomas
-----Original Message-----
From: Jason Kent [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 26, 2000 2:19 PM
To: 'Steve Babb'; [EMAIL PROTECTED]
Subject: RE: [FW1] fw1 on WIN NT. Couple of install issues....
Anyone feel free to correct me if I'm wrong.. but I believe:
The default gateway on the internal NIC should be blank
Yes, the Enable IP routing box needs to be checked.
as far as internal boxes getting out... by guess is the request gets
out...but can't come back, as NT doesn't really do NAT ... but once you
setup FW1 on the machine... and setup NAT on that... that will help...
Depending on your router config... you may need to add entries to your
local.arp file on the NT/FW1 box.... either that or reconfig the router...
... not sure how you had it setup.
If you have the IP config on NT down...I don't think you'll need static
routes on the NT box... but if you do find you do... try typing route help
or route /? ...
you'll want to do something like:
route add -p <network> MASK <subnetmask> <interface IP>
Hope that helps at least a little
-----Original Message-----
From: Steve Babb [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 26, 2000 10:52 AM
To: [EMAIL PROTECTED]
Subject: [FW1] fw1 on WIN NT. Couple of install issues....
Hello all,
Thanks for reading. I have been trying to run fw1 on Linux but have found it
to be way too instable, so to cut a long story short I have decided to put
it on NT. Unfortunately for me I have limited experience with NT networking
and using nt as a gateway. So here are my problems/questions..
I have two network cards installed in my NT box and have set one up with a
real internet ip, and the other card has a made up address on the range of
my LAN. In the default gateway should they both have the address of my
router? ie real ip 195.92.236.90, default gateway 195.92.236.89, and card
two, pretend ip 192.9.200.181, default gateway 195.92.236.89. Is that
correct? I have also been to tcp/ip properties and enabled routing. I have
no experience with using NT as a gateway, so is this all I need do? At this
point I can access the internet from the gateway machine and also access my
local lan from the gateway. I then tried to access the net through the
gateway, putting 192.9.200.181 as the default gateway on a couple of pc's,
unfortunately they could not access the net. Is this because NT cannot do
NAT out of the box, or am missing something? I also tried installing fw1 at
this point onto the gatway and made a quick policy, localnet > any > allow..
This also didnt work. Can anyone tell me at which point my routing etc is
incorect?
The fw disk also installed meta ip and some others. Do I need these? They
where not present on the Linux version.
Finally I asume I need to set up some static routes on the gateway and some
arp's. I guess I need a local.arp and need to add a route under nt. is it
as simple as route add 195.92.236.92 192.9.200.167 -p?
Sorry for all these questions but I am up to the ears in fw1 at the mo...
Any other windows specific tips would be great :-)
Cheers,
Steve
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
