Many thanks to PhoneBoy for his continuing contributions!

So, given that I was trying to do something that is known to not work
(*blush*), I'd appreciate the mailing list's advice on how I might work
around this problem, other than to do the obvious of moving the PPP link
off to a different machine entirely.  (I already have too many server
machines in this little office).

Can anyone think of a way to configure the system / firewall software so
that:

* FW-1 doesn't even try to look at the PPP connection/interface, and
* FW-1 still gets to actually process the packets that do come in / go out
over the PPP connection, perhaps by way of a dummy interface?

I put that first bullet there because even when I selected the ppp0
interface in the firewall object's properties, and selected "no security
policy" on that interface, FW-1 still appears to process the data that
comes in from the ppp0 interface because it still prints the warnings
about too-large packet sizes and "ip_p = 124".

Many thanks!
-Jay

On Fri, 9 Jun 2000, Dameon D. Welch-Abernathy wrote:
> On Fri, Jun 09, 2000 at 02:59:20PM -0400, Jay Libove wrote:
> > I just tried out FireWall-1 4.1 for Linux (RedHat 6.1) with two ethernet
> > interfaces and one PPP interface. It appears that the PPP interface is
> > giving FireWall-1 some trouble. I get a series of messages on the console
> > about oversize packets from various IP addresses, with "ip_p = 124".
> > 
> > My guess is that FireWall-1 on Linux simply does not support PPP as an
> > interface type.
> 
> You are correct. I believe the release notes even mention that only Ethernet
> interfaces are supported.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
