The local.arp is under the state directory.
BTW, you don't have to use a mask when doing a 1:1 static route.

Thomas Poole

-----Original Message-----
From: Robert McWilliams [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 08, 2000 8:31 AM
To: 'Witham, John'; 'Jon Jackson'; Firewall-1 listserv (E-mail)
Subject: RE: [FW1] Pinging



I believe it is the external.if file in the $FWDIR/conf directory.

> -----Original Message-----
> From: Witham, John [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, August 07, 2000 5:58 PM
> To:   'Jon Jackson'; Firewall-1 listserv (E-mail)
> Subject:      RE: [FW1] Pinging
> 
> 
> Hi Jon:
> 
> Have you added the 111.111.111.111 to the FireWall's local.arp file?  I
> can't remember the exact location of the file, but you must put the EXTERNAL
> IP address of the NAT'd box (111.111.111.111) and then a TAB, and then the
> MAC address of the external interface of your FireWall.  After a FWSTOP and
> FWSTART, you should be fine.
> 
> The reasoning behind this is that FW1/NT4 doesn't know to respond to an ARP
> request of the 111.111.111.111 address unless you specifically tell the OS
> of the box it should answer when it sees that ARP request.
> 
> Also, make sure you have done a ROUTE ADD telling the OS who goes where.
> ex:
> 
> route add -p 111.111.111.111 mask 255.255.255.255 10.10.10.10
> 
> Hope this helps!
> 
> -john
> 
> John Witham, MCSE, MCP+i
> Systems Engineer
> Takeda Pharmaceuticals America, Inc.
> v/847.383.3304
> f/847.383.3205
> mailto:[EMAIL PROTECTED]
> 
> 
> -----Original Message-----
> From: Jon Jackson [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 07, 2000 5:08 PM
> To: Firewall-1 listserv (E-mail)
> Subject: [FW1] Pinging
> 
> 
> 
> I am trying to ping an internal machine by its nat'd public address and get
> no reply.  Is this possible with FW-1?  Here is my setup:
> 
> FW-1 4.0 sp1
> Win NT
> 
> Router  -  public address  - Firewall  -  DMZ unreg. addresses
>                                  |
>                                internal 
>                         unregistered addresses
> 
> For instance:
> 
> internal address is 10.10.10.10  nat'd to 111.111.111.111
> From machine 10.10.10.11  ping 111.111.111.111.  Get time out on all 4 tries
> 
> I know I can ping private address directly but for testing I need it to go
> through the firewall.
> 
> Thanks for the help
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 