Alexander,

Did you install the FW software on the box yet? If so,
then you really need to get the connectivity working
beforehand, so you'll need to stop the fw software
before testing. Make sure that it's not running at all.

Otherwise, just add one rule that allows any to any,
and make sure that you're not connected to the internet.

As for the routing, the NT system will already have
route entries for all directly attached networks. Your
default route should be aimed at the external
interface (which you said it is).

Now if you have more than one internal network, not
attached to the firewall/NT system and you want to
allow connectivity to/from them, you will need to add
a route entry for each. If all of the internal networks
are based on the RFC1918 192.168.x.x, then you'll
only need to add one additional route like:

route -p add 192.168.0.0 mask 255.255.0.0 192.168.n.h

where 192.168.n.h is the next hop (router) that is on the
same network as the internal NIC of the NT system. The
'-p' will make the route withstand reboots (most of the time).

Finally, make sure that each of the clients knows how
to return traffic to the fw/NT box.

Let us know if this helps/doesn't help.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Alexander Nelson" <[EMAIL PROTECTED]> 7/3/00 10:26:00 PM >>>
>
>I have been tasked to rebuild the firewall at our office due to a
>problem with windows nt.
>
>I am comfortable with firewall-1 not so much with windows nt.
>
>I have a dual homed machine - one internal NIC (192.168.x.x address)
>and an external NIC (205.x.x.x address). The external NIC has a
>default gateway set to our internet connected router, and the
>internal NIC has no gateway set (per my fw-1 readings).
>I also have IP routing enabled in the TCP/IP settings.
>
>Through my external NIC I am able to ping the router, and our ISP's
>DNS servers and through the internal NIC I am able to ping other
>machines connected to the 192.168.x.x network.
>
>My problem is I can not get the internal NIC to route to the external
>NIC. Before installing the firewall I have tried to ensure I have
>full IP connectivity - which I don't. From a machine inside the
>firewall I can't ping the external interface of the firewall - again
>before installing fw-1
>
>
>Do I need to add a route to NT's routing table? If so, what?
>
>Shouldn't NT do this for me?
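
Added example, not part of Robert's or Alexander's messages: a small Python model of the routing table described in the reply, showing that without the 192.168.0.0/16 summary route, traffic for an internal network behind the router follows the default route out the external interface. All addresses are constructed stand-ins (the thread elides the real ones), and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses: the thread elides the real ones (192.168.x.x, 205.x.x.x).
# 203.0.113.0/24 (documentation range) stands in for the external network.
INTERFACES = {
    "internal": ipaddress.ip_interface("192.168.1.1/24"),
    "external": ipaddress.ip_interface("203.0.113.2/24"),
}
DEFAULT = ("0.0.0.0/0", "203.0.113.1")         # default route via the Internet router
SUMMARY = ("192.168.0.0/16", "192.168.1.254")  # one route covering all internal nets


def build_table(interfaces, static_routes):
    """Return [(network, next_hop, interface)], connected routes first."""
    table = [(ifc.network, None, name) for name, ifc in interfaces.items()]
    for prefix, gateway in static_routes:
        gw = ipaddress.ip_address(gateway)
        # The next hop must sit on a directly attached network.
        via = [n for n, ifc in interfaces.items() if gw in ifc.network]
        if not via:
            raise ValueError(f"next hop {gw} is not on an attached network")
        table.append((ipaddress.ip_network(prefix), gw, via[0]))
    return table


def lookup(table, destination):
    """Longest-prefix match: the most specific covering route wins."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table if dest in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def egress(table, destination):
    """Name of the interface the packet leaves on, or None if unroutable."""
    route = lookup(table, destination)
    return route[2] if route else None


if __name__ == "__main__":
    before = build_table(INTERFACES, [DEFAULT])
    after = build_table(INTERFACES, [DEFAULT, SUMMARY])
    for dst in ("192.168.1.50", "192.168.5.10", "198.51.100.7"):
        print(dst, "before:", egress(before, dst), "after:", egress(after, dst))
```

The directly attached 192.168.1.0/24 keeps winning over the /16 summary because it is more specific, so adding the summary route does not disturb traffic to hosts on the internal NIC's own network.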



