It sounds like a routing problem at this stage. Is there a route from your
firewall to where you want to go? Every device that routes packets has to
have appropriate routing tables - even if it's a PC with two networking
cards. If not, the packet will get sent to the wrong interface and
eventually disappear into the ether. That's all I can think of now. I'll
have another look at it tomorrow after I've had some well earned sleep - or
maybe someone else can step in.
Craig/
-----Original Message-----
From: Tika Mahata [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2000 1:12 AM
To: Little, Craig; [EMAIL PROTECTED]
Subject: RE: [FW1] NAT and Internet Connection

Hi

Now, I can ping from my FW gateway to the static valid IP,
but I can't ping from the router console to it. And also I
can't ping from my app server to outside, but in the log
the request acceptance is shown. But I can ping from
any hidden host to the outside world.
I'm very frustrated.

Best regards,
Tika

--- "Little, Craig" <[EMAIL PROTECTED]> wrote:
> It works for me. I'm proxy arping for 12 different IP addresses across 7
> interfaces on our main gateway. After you add the file we have to fwstop /
> fwstart.
>
> Craig/
>
> -----Original Message-----
> From: Tika Mahata [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 21, 2000 6:15 PM
> To: Little, Craig; 'Tika Mahata';
> [EMAIL PROTECTED]
> Subject: RE: [FW1] NAT and Internet Connection
>
> I'd already tried this format for ARP proxy.
>
> Tika
> --- "Little, Craig" <[EMAIL PROTECTED]> wrote:
> >
> > local.arp should be in the format
> > <IP Address> <Mac Address>
> >
> > Craig/
> >
> > -----Original Message-----
> > From: Tika Mahata [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 20, 2000 10:19 PM
> > To: Kumar, Preet (Exchange);
> > [EMAIL PROTECTED]
> > Subject: RE: [FW1] NAT and Internet Connection
> >
> > Hi Kumar,
> >
> > ICMP is allowed.
> > Firewall can ping application server with invalid IP a.b.c.d.
> > External gateway MAC is used for w.x.y.z in c:\winnt\fw\state\local.arp
> > xx-xx-xx-xx-xx-xx w.x.y.z
> >
> > and route w.x.y.z is statically routed to a.b.c.d on firewall.
> >
> > But I cannot even ping from firewall to valid IP w.x.y.z.
> >
> > On ping command:
> >
> > reply from p.q.r.s: TTL expired in transit.
> >
> > I'm just installing firewall and having to test connection.
> >
> > Best Regards,
> >
> > Tika
> >
> >
> > --- "Kumar, Preet (Exchange)" <[EMAIL PROTECTED]> wrote:
> > >
> > > Do you have ICMP allowed through your firewall?
> > > If you have, then can you ping a.b.c.d from the firewall?
> > > If not, then check the routing from the firewall to a.b.c.d.
> > > If yes, then did you publish the MAC for w.x.y.z on the external network?
> > > If not, do it.
> > > If yes, then do you have a host-specific route on the firewall that says
> > > destination w.x.y.z gateway (either a.b.c.d or the router that is on the
> > > internal side)?
> > >
> > > If all the above has been done and you still cannot ping, check your NAT:
> > > are you NATing when any packets come to the firewall at w.x.y.z or just
> > > http, https packets?
> > > In case you are NATing for only http/https packets then you will not be able
> > > to ping.
> > > If you have the services in Original packets set to "ANY" and services in
> > > translated packets set to "Original" then you will be able to ping.
> > >
> > > Why would you want to ping the webserver anyway? Allow ICMP just for
> > > testing and when the webserver is accessible from outside through the
> > > NATed address then disable ICMP and also narrow down the NAT to only those
> > > services that you require on the webserver.
> > >
> > > Preet
> > >
> > > > -----Original Message-----
> > > > From: Tika Mahata [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Monday, June 19, 2000 7:41 AM
> > > > To: [EMAIL PROTECTED]
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: [FW1] NAT and Internet Connection
> > > >
> > > > Hi,
> > > >
> > > > My application server (i.p=a.b.c.d) is hidden with static NAT
> > > > (valid i.p=w.x.y.z). Then I cannot ping w.x.y.z, so how can I
> > > > access my application server from the internet?
> > > > Pls give me some idea about it.
> > > >
> > > > Thanks
> > > > Tika
=== message truncated ===
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
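
An added example, not part of the original thread and not Check Point code: a small checker for local.arp contents that uses the `<IP Address> <Mac Address>` order Craig gives in the thread and flags lines with the two fields in the other order, malformed fields and duplicate IPs. The addresses in `SAMPLE` are constructed, and accepting `:` as well as `-` between MAC octets is an assumption.

```python
import ipaddress
import re

# Six hex octets joined by one consistent separator: '-' as written in the
# thread, or ':' (assumption).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def is_mac(token):
    return MAC_RE.match(token) is not None

def check_local_arp(text):
    """Return (entries, problems): entries is a list of (ip, mac),
    problems is a list of (line_number, message)."""
    entries, problems, seen = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if len(fields) != 2:
            problems.append((no, "expected exactly two fields"))
            continue
        first, second = fields
        if is_mac(first) and is_ipv4(second):
            problems.append((no, "fields reversed: MAC before IP"))
        elif not is_ipv4(first):
            problems.append((no, "first field is not an IPv4 address"))
        elif not is_mac(second):
            problems.append((no, "second field is not a MAC address"))
        elif first in seen:
            problems.append((no, f"duplicate entry for {first} (line {seen[first]})"))
        else:
            seen[first] = no
            entries.append((first, second.lower().replace(":", "-")))
    return entries, problems

# Constructed sample: one good line, one reversed, one bad MAC, one duplicate.
SAMPLE = """\
192.0.2.10 00-a0-c9-12-34-56
00-a0-c9-12-34-56 192.0.2.11
192.0.2.12 00a0c9123456
192.0.2.10 00-a0-c9-12-34-56
"""

if __name__ == "__main__":
    for line_no, message in check_local_arp(SAMPLE)[1]:
        print(f"local.arp line {line_no}: {message}")
```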