I NATted without looking & broke RIP2. I was sending RIP2 updates to my
internal network, and now the updates are carrying the source IP of the
external interface, which I NATted to. Network devices on the internal
network throw out the update, because who wants to listen to RIP2 from
a non-local network. Fine & good, I know what broke, I know how to fix
it with phoneboy's "how to NAT on specific interface". Just on a crazy
whim I start sending RIP1 updates (with NAT still in place) and whoa ... my
packets show up with the non-NAT address. Everything looks normal to network
devices. Whassup with that? Phoneboy says:
NAT and How it Works with Firewall-1
"Packets first pass thru the security policy, then OS-level routing, and
then NAT as it leaves the gateway."
From observation, NAT breaks RIP2 but not RIP1, that is, RIP2 update packets show
source = NATted address. RIP1 update packets show source = original address.
What's different? There's additional masking info for RIP2, but it looks
like the path to generate a RIP2 packet is different from RIP1, RIP2 somehow
gets handled & rewritten by FW1. Not a strictly FW1 question ... but thought
I'd ask it here. Running Checkpoint 4.0 on Solaris 2.6.
CT
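Added example, not part of the original post: a small Python model of the neighbour check a RIP listener applies before processing a Response (RFC 2453 section 3.9.2), which is the reason the internal devices discard an update whose source has been rewritten to a non-local address. The RIP packets and the addresses (192.168.1.0/24 internal, 203.0.113.5 as the NATted source) are constructed here and are not from the poster's network.

```python
import struct
import ipaddress

# RIP header (RFC 1058 / RFC 2453): command, version, two unused bytes, then 20-byte entries.
RIP_HEADER = struct.Struct("!BBH")
RIP_ENTRY = struct.Struct("!HH4s4s4sI")  # AFI, route tag, address, subnet mask, next hop, metric
AF_INET = 2
RIP_RESPONSE = 2

def build_rip_response(version: int, routes: list) -> bytes:
    """Constructed RIPv1/RIPv2 Response payload for (network, prefix_len, metric) routes.
    RIPv1 carries no mask, next-hop or tag fields, so those bytes are zero (RFC 1058)."""
    pkt = RIP_HEADER.pack(RIP_RESPONSE, version, 0)
    for net, plen, metric in routes:
        network = ipaddress.ip_network(f"{net}/{plen}")
        mask = network.netmask.packed if version == 2 else b"\0" * 4
        pkt += RIP_ENTRY.pack(AF_INET, 0, network.network_address.packed, mask, b"\0" * 4, metric)
    return pkt

def parse_rip(payload: bytes) -> dict:
    """Decode command, version and route entries; RIPv1 entries report no mask."""
    command, version, _ = RIP_HEADER.unpack_from(payload, 0)
    entries = []
    for off in range(RIP_HEADER.size, len(payload), RIP_ENTRY.size):
        afi, tag, addr, mask, nexthop, metric = RIP_ENTRY.unpack_from(payload, off)
        entries.append({
            "address": str(ipaddress.IPv4Address(addr)),
            "mask": str(ipaddress.IPv4Address(mask)) if version == 2 else None,
            "metric": metric,
        })
    return {"command": command, "version": version, "entries": entries}

def check_update(src_ip: str, payload: bytes, iface_ip: str, prefix_len: int) -> str:
    """The receiver-side check from RFC 2453 3.9.2: a Response is processed only if its
    source is a directly connected host on the receiving interface's network and is not
    the router's own address. A source rewritten by NAT to another subnet fails here."""
    rip = parse_rip(payload)
    if rip["command"] != RIP_RESPONSE:
        return "ignored: not a Response"
    iface_net = ipaddress.ip_interface(f"{iface_ip}/{prefix_len}").network
    src = ipaddress.ip_address(src_ip)
    if src == ipaddress.ip_address(iface_ip):
        return "ignored: own address"
    if src not in iface_net:
        return f"dropped: RIPv{rip['version']} source {src} not on {iface_net}"
    return f"accepted: RIPv{rip['version']} with {len(rip['entries'])} route(s)"

if __name__ == "__main__":
    # Constructed: listener at 192.168.1.20/24, gateway 192.168.1.1, NATted source 203.0.113.5
    v2 = build_rip_response(2, [("10.1.0.0", 16, 1)])
    print(check_update("192.168.1.1", v2, "192.168.1.20", 24))   # accepted
    print(check_update("203.0.113.5", v2, "192.168.1.20", 24))   # dropped
```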
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================