[FW1] Question on Rules..

Mon, 14 Aug 2000 05:33:52 -0700 


Okay, so I've been playing with firewall one this week,
got the rules sorted out, but what I can't understand is,
if I define a rule like this

internal  Netshow  any     - let netshow streaming protcol out

then the only way I can get it to work is if I add
another rule which say's

internet netshow firewall  - which lets netshow back to the firewall
(I am using NAT on the internet interface).

then it works fine, do you always have to add two rules to
get one protcol working, I would of thought that allowing netshow,
would automaticly make the firewall open up incomming ports
too, unless I am really really wrong on this, any one care to correct me?
Perhaps this is what you have to do with rules that are using NAT,
rather than just plain IP routing!
Cheers,
Lee

p.s. how do I define the outside world, i.e. not dmz, not internal,
just 'the rest' of the internet on the external interface, or is
this covered by the 'any' object?

p.p.s. I'm getting to like firewall 1 ;-).

-----Original Message-----
From: Rusdyanto Tardjono [mailto:[EMAIL PROTECTED]]
Sent: 14 August 2000 08:45
To: [EMAIL PROTECTED]
Subject: [FW1] DMZ can't access to internet



Dear Guru,

I am in the process of Checkpoint pre-installation. As the requirement says,
I must make sure that the routing work before installing the software.
My configuration:

>From router goes into one NIC of FW-1 (202.xxx.xxx.xxx) and another NIC from
FW-1 goes into a hub which connects to DMZ Servers.
I can ping to internet from FW-1 machine but from a server in DMZ area can
only ping to the FW-1, not even ping to the router and internet.
Can someone please help me? Your advice is very much appreciated.
Thank you.

Regards,
Rusdy




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to