Hi Robert,

it seems to me that some of the internal hosts don't know the way back to the external net. Even the Gateway to the x.x.63.0 didn't answer the Ping from the external net. Perhaps the .253 is the default gateway for the hosts you can't reach?

Axel

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert C. Wessel
Sent: Wednesday, 14 June 2000 05:22
To: Eric Eskam; [EMAIL PROTECTED]
Subject: Re: [FW1] Strange NT Routing Issue

Eric,

Are you using RIP (as opposed to static routes)? Are you using the basic routing that comes with NT4 (as opposed to the "better" router that's part of RRAS)? Are you trying to propagate a default route through the new NT router? If so, did you remember to set the underwhelmingly documented AcceptDefaultRoutes and AnnounceDefaultRoutes parameters in HKLM\SYSTEM\CurrentControlSet\Services\IpRip\Parameters?

Check out: http://support.microsoft.com/support/kb/articles/Q169/1/61.ASP

If you're using RRAS routing, check the advanced tab to make sure it's propagating default routes.

-Robert

At 11:41 AM 6/13/00 -0700, Eric Eskam wrote:
>
>Situation:
>
>FW not installed yet - trying to get routing up.
>
>All packets leave all subnets on internal network for external network with
>no problems.
>Not all packets come in from outside to internal network.
>In fact, a darn strange pattern of internal IP addresses can be pinged from
>the outside.
>IP space is a class A subnetted 255.255.255.0 - pretty standard.
>
>All Interfaces on the FW computer are pingable inside and out (i.e. on a
>computer on the internal net I can ping all the cards - ditto for the
>external side of things, on a separate computer I can ping all the cards)
>
>External FW interface is x.x.61.1
>Internal FW Interface is x.x.60.252
>External router (GW to internet) is x.x.61.1
>Internal router (GW to subnets) is x.x.60.253
>Additional subnetwork x.x.63.0 is reachable via x.x.60.253
>
>When I ping from external (computer on the x.x.61.0 network, not from the
>firewall) to the entire x.x.60.0 network these are the responses I get:
>
>x.x.60.13
>x.x.60.179
>x.x.60.201
>x.x.60.220
>x.x.60.242
>x.x.60.243
>x.x.60.244
>x.x.60.246
>x.x.60.249
>x.x.60.252
>
>If I do a ping sweep of the Internal network from the internal network
>(either computer on internal network or the FW computer itself) I get over
>120 responses (yes, I know it's an overly large and flat network but it's
>not mine)
>
>NT route table:
>
>C:\>route print
>===========================================================================
>Interface List
>0x1 ........................... MS TCP Loopback interface
>0x2 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
>0x3 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
>0x4 ...00 90 27 xx xx xx ...... Intel(R) PRO Adapter
>===========================================================================
>===========================================================================
>Active Routes:
>Network Destination        Netmask          Gateway       Interface  Metric
>          0.0.0.0          0.0.0.0         x.x.61.1        x.x.61.2       1
>         10.0.0.0        255.0.0.0         10.0.0.1        10.0.0.1       1
>         10.0.0.1  255.255.255.255        127.0.0.1       127.0.0.1       1
>        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>         x.x.60.0    255.255.255.0       x.x.60.252      x.x.60.252       1
>       x.x.60.252  255.255.255.255        127.0.0.1       127.0.0.1       1
>         x.x.61.0    255.255.255.0         x.x.61.2        x.x.61.2       1
>         x.x.61.2  255.255.255.255        127.0.0.1       127.0.0.1       1
>         x.x.63.0    255.255.255.0       x.x.60.253      x.x.60.252       1
>      x.x.255.255  255.255.255.255         x.x.61.2        x.x.61.2       1
>        224.0.0.0        224.0.0.0         10.0.0.1        10.0.0.1       1
>        224.0.0.0        224.0.0.0       x.x.60.252      x.x.60.252       1
>        224.0.0.0        224.0.0.0         x.x.61.2        x.x.61.2       1
>  255.255.255.255  255.255.255.255         x.x.61.2        x.x.61.2       1
>===========================================================================
>
>I'm either missing something extremely silly or am doing something above
>drastically wrong - it seems fairly straightforward to me - but ???
>
>We had problems with original ethernet adaptors they wanted to use and had
>to change them out to what you see listed here, plus this machine has
>service pack 6a on it - I think I am going to blow away NT and start over -
>with just service pack 4 since that is all I can verify that is supported
>for use with CP at this time.
>
>Any other ideas?
>
>Eric
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
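Added example, not part of the thread and not code from any of its participants: a small model of the return-path reasoning in the top reply, tracing where an echo reply goes depending on which default gateway an internal host uses. The 10.9.x.x addresses are constructed stand-ins for the redacted x.x.60/61/63 networks, and the internal router's table (no route toward the external network) is an assumption matching the hypothesis in the reply, not something the thread confirms.

```python
import ipaddress

# Constructed stand-ins for the thread's redacted x.x.60/61/63 networks.
FW, RTR = "10.9.60.252", "10.9.60.253"
TABLES = {
    FW: [("10.9.60.0/24", "direct"), ("10.9.61.0/24", "direct"),
         ("10.9.63.0/24", RTR), ("0.0.0.0/0", "10.9.61.1")],
    # Assumption (the hypothesis in the reply): the internal router has
    # no route toward the external 10.9.61.0/24 network.
    RTR: [("10.9.60.0/24", "direct"), ("10.9.63.0/24", "direct")],
}

def lookup(table, dst):
    """Longest-prefix match: a gateway IP, "direct" if on-link, else None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def host_table(default_gw):
    """Routing table of a hypothetical internal host on 10.9.60.0/24."""
    return [("10.9.60.0/24", "direct"), ("0.0.0.0/0", default_gw)]

def reply_path(node, table, dst, max_hops=8):
    """Follow an echo reply hop by hop; return the path or None if dropped."""
    path = [node]
    for _ in range(max_hops):
        hop = lookup(table, dst)
        if hop == "direct":
            return path + [dst]
        if hop is None or hop not in TABLES:
            return None  # no route, or handed to a router not modelled here
        path.append(hop)
        table = TABLES[hop]
    return None  # hop limit reached: routing loop

def answering(hosts, pinger):
    """Hosts (ip -> default gateway) whose replies reach the pinger."""
    return sorted(ip for ip, gw in hosts.items()
                  if reply_path(ip, host_table(gw), pinger))

if __name__ == "__main__":
    # Constructed sample: two hosts default to the firewall, one to the router.
    hosts = {"10.9.60.13": FW, "10.9.60.50": RTR, "10.9.60.201": FW}
    print(answering(hosts, "10.9.61.50"))
    print(reply_path(RTR, TABLES[RTR], "10.9.61.50"))
```

In this model the echo request always arrives, because the firewall host has a connected route to the internal network; only hosts whose reply path ends at a router with a route back to the external segment appear to answer.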
