Don't you have a choice of either adding a route to B on each local resource
(if there aren't that many that really need this route) - therefore packets
go straight to the router and not via the firewall.

Or

a route on the internal router to forward everything to the firewall first -
therefore all packets go thru the firewall and back onto the same segment
and vice versa.

Or

Am I missing the point cos it's Friday afternoon?

-----Original Message-----
From: Sukhpreet Singh [mailto:[EMAIL PROTECTED]]
Sent: 25 August 2000 14:07
To: 'Reed Mohn, Anders'; ''[EMAIL PROTECTED]' '
Subject: RE: [FW1] multiple subnets behind the gateway



The problem is that many of our remote offices are having trouble accessing
resources on our localnet. Under 3.0b I was just able to add static routes
on the firewalled gateway so the replies to tcp requests originating in the
remote offices (behind the internal router in the diagram below) would be
simply forwarded to the router. Now, under 4.1 SP2 I suspect, when a client
in a remote office tries to access our intranet webserver (localnet) the
http requests get there fine but the webserver's replies going through the
firewall (def. gateway) get dropped because the firewall doesn't see a
corresponding http request in the state table. If I add static routes on the
intranet server itself for the remote offices, everything works fine. Am I
stuck with adding static routes to the router on each of the hosts in the
localnet for the remote offices? Ideas anyone?!


Internet
   |
Firewalled Gateway Checkpoint Firewall-1 ver 4.1 SP2
(192.168.2.1/24)
   |
A (192.168.2.2/24) Def GW 192.168.2.1 [localnet]
   |
(192.168.2.5/24)
Internal Router (WAN)
(192.168.8.1/24)
   |
B(192.168.8.2) Def GW 192.168.8.1 [remotenet]...





-----Original Message-----
From: Reed Mohn, Anders [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 4:18 AM
To: 'Sukhpreet Singh'
Subject: RE: [FW1] multiple subnets behing the gateway


Uhhm..  I see what you mean about the echo-reply packets,
and it sounds like you're right. (Though I'm not good enough to know for
sure...)

But why would this apply to NetBIOS traffic?
NetBIOS would either be directed to a certain address,
or sent as broadcast, wouldn't it?
As broadcast, it would not go to the def. GW alone, but also to the other
router.

Cheers,
Anders :)

> -----Original Message-----
> From: Sukhpreet Singh [mailto:[EMAIL PROTECTED]]
> Sent: 24. august 2000 22:03
> To: '[EMAIL PROTECTED]'
> Subject: [FW1] multiple subnets behing the gateway
> 
> 
> 
> Suppose host B in the diagram below pings host A. A sends its echo-reply
> packets to the firewall because that's the default gateway. Firewall drops
> the echo reply packet because it does not see a corresponding echo request
> packet. Does it work like this? If yes, I know creating a rule that allows
> all communications between the internal nets would help things. I ask this
> because I think a lot of netbios traffic is being dropped between these
> internal nets. Although I suspect the tcp timeouts could be causing some
> problems too. I'd appreciate any comments on this. Thanks.
> 
> 
> Internet
>    |
> Firewalled Gateway Checkpoint Firewall-1 ver 4.1 SP2
> (192.168.2.1/24)
>    |
> A (192.168.2.2/24) Def GW 192.168.2.1
>    |
> (192.168.2.5/24)
> Router
> (192.168.8.1/24)
>    |
> B(192.168.8.2) Def GW 192.168.8.1
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 





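An added example, not part of the original thread: a small Python model of the topology in the diagram, showing why A's reply is dropped when the firewall never saw B's request, and how the two routing changes suggested in the thread alter the path. It assumes a strictly stateful firewall that drops any reply without a matching state entry and accepts every new connection; the node names and the `round_trip` / `with_route` helpers are made up for this illustration.

```python
import copy
import ipaddress

# Addresses and gateways come from the thread's diagram; node names are labels for this model.
IP = {"A": "192.168.2.2", "B": "192.168.8.2"}
BASE = {
    "A":   {"192.168.2.0/24": None, "0.0.0.0/0": "FW"},    # Def GW = firewall
    "B":   {"192.168.8.0/24": None, "0.0.0.0/0": "RTR"},   # Def GW = internal router
    "RTR": {"192.168.2.0/24": None, "192.168.8.0/24": None},
    "FW":  {"192.168.2.0/24": None, "192.168.8.0/24": "RTR"},  # static route on the gateway
}

def next_hop(routes, dst_ip):
    """Longest-prefix match; None means the destination is directly attached."""
    dst = ipaddress.ip_address(dst_ip)
    nets = [ipaddress.ip_network(n) for n in routes]
    best = max((n for n in nets if dst in n), key=lambda n: n.prefixlen)
    return routes[str(best)]

def deliver(tables, state, src, dst, is_reply):
    """Walk one packet hop by hop; return (delivered, path)."""
    node, path = src, [src]
    while node != dst:
        node = next_hop(tables[node], IP[dst]) or dst
        path.append(node)
        if node == "FW":
            flow = (dst, src) if is_reply else (src, dst)
            if is_reply and flow not in state:
                return False, path   # assumed behaviour: reply without state is dropped
            state.add(flow)          # assumed: the rule base accepts the new connection
    return True, path

def round_trip(tables):
    """B opens a connection to A and A answers; the state table starts empty."""
    state = set()
    return deliver(tables, state, "B", "A", False), deliver(tables, state, "A", "B", True)

def with_route(node, prefix, hop):
    """Copy of BASE with one route added or overridden on one node."""
    tables = copy.deepcopy(BASE)
    tables[node][prefix] = hop
    return tables

if __name__ == "__main__":
    for label, t in [("as posted", BASE),
                     ("static route on A", with_route("A", "192.168.8.0/24", "RTR")),
                     ("router sends localnet via firewall", with_route("RTR", "192.168.2.0/24", "FW"))]:
        print(label, round_trip(t))
```

In the third case the override on the router is a modelling shortcut for "forward everything to the firewall first"; the point is only that the firewall then sees both directions of the flow.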