Paul,

Let's see how I can mess around with you...;-)
(this is only humorous if you followed my last post.)

You did follow the fw instructions and have good
communications between networks, _before_
installing the fw right?? If not, disconnect from ISP
and stop the fw software.

Your external router wants to have a default pointed
towards ISP. It will also need to have a route entry for
every internal (behind firewall) network that is not NATted,
that you need to talk to from the outside (not advisable).

If you're doing NAT, then the addresses will be that of the
firewall or that the firewall is 'faking' to be and will be local
to the external router, so no additional routes would be
needed on the external router. Don't forget about ARPs
on the firewall in this case.

Your firewall wants to have a default route pointed at the
external router, along with all internal networks that it needs
to talk to, not directly attached to it.

Your internal router will have a default pointed at the firewall,
along with specific routes for networks not directly attached.

I would make use of route summarization, to help with
keeping routing tables/decisions small.

Once you have communications between networks working,
then restart fw and test rules and connectivity. Once working
again, reconnect to ISP.

HTH (and I didn't mess around with you.)
Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Paul Hessels <[EMAIL PROTECTED]> 8/25/00 10:26:14 AM >>>
>
>Sorry if this is a dumb question.  My firewall isn't routing, shouldn't it be?
>
>I have a Sun 220R running Solaris 2.6 w/patches and FW-1 4.1 w/service packs.
>
>I have a policy installed of: any any any allow short.
>
>This is my network layout:
>                 [143 subnet]
>                      |
>                      |
>                      |
>[144 subnet]---[internal router]---[      fw     ]---[external router]
>               [ 123.123.143.1 ]   [ 123.123.1.4 ]   [  123.123.1.1  ]
>               [  123.123.2.1  ]   [ 123.123.2.4 ]
>               [ 123.123.145.1 ]   [123.123.146.1]
>               [ 123.123.144.1 ]           |
>                      |                    |
>                      |                    |
>                      |                    |
>                 [145 subnet]         [146 subnet]
>
>-the internal router has a default gateway of 2.4 (the firewall's IP)
>-the fw has a default gateway of 1.1 (the external router's IP)
>-this is the routing table on the firewall:
>123.123.2.0          123.123.2.4          U        2      3  qfe2
>123.123.1.0          123.123.1.4          U        2      3  qfe3
>123.123.146.0        123.123.146.1        U        2      3  qfe1              
>192.168.118.0        192.168.118.1        U        3      4  hme0              
>224.0.0.0            192.168.118.1        U        3      0  hme0              
>default              123.123.1.1          UG       0   2235                    
>127.0.0.1            127.0.0.1            UH       0   8170  lo0               
>
>
>The problem is, I can't communicate from internal clients, on the 144 for instance,
>to the external router or to the 146 subnet.  Do I need to create routes on the fw
>for the 144, 145 and 146 subnets?  Or should the fw software be doing that?  What
>configuration do I need to set?  If I create a route on the fw, for the 146 for
>instance, then it works, but it seems wrong.  Is it?
>--Paul
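
Added example, not part of the original thread: a check of the firewall routing table from the quoted post against the networks in the diagram, showing where traffic for the 144 subnet is handed today and which summarized static routes the firewall lacks. The /24 masks and the function names are assumptions; the addresses are taken from the post.

```python
import ipaddress

# Constructed from the diagram and routing table in the quoted post.
# The /24 masks are an assumption; the post never states them.
FW_ROUTES = [                         # (destination, gateway); None = directly attached
    ("123.123.1.0/24", None),
    ("123.123.2.0/24", None),
    ("123.123.146.0/24", None),
    ("192.168.118.0/24", None),
    ("0.0.0.0/0", "123.123.1.1"),     # default via the external router
]
INTERNAL_ROUTER = "123.123.2.1"
BEHIND_INTERNAL_ROUTER = ["123.123.143.0/24", "123.123.144.0/24", "123.123.145.0/24"]


def next_hop(dest, routes):
    """Longest-prefix match: 'direct', the gateway address, or None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, gw = max(hits, key=lambda hit: hit[0].prefixlen)
    return gw or "direct"


def missing_static_routes(routes, remote_nets, gateway):
    """Summarized routes for remote networks not already sent to `gateway`."""
    connected = [ipaddress.ip_network(net) for net, gw in routes if gw is None]
    if not any(ipaddress.ip_address(gateway) in net for net in connected):
        raise ValueError("gateway is not on a directly attached network")
    needed = []
    for net in map(ipaddress.ip_network, remote_nets):
        # Probe with the first host address of each remote network.
        if next_hop(str(net[1]), routes) != gateway:
            needed.append(net)
    return [(str(net), gateway) for net in ipaddress.collapse_addresses(needed)]


if __name__ == "__main__":
    # Replies to a 144-subnet client currently follow the default route outward.
    print("123.123.144.10 ->", next_hop("123.123.144.10", FW_ROUTES))
    for net, gw in missing_static_routes(FW_ROUTES, BEHIND_INTERNAL_ROUTER, INTERNAL_ROUTER):
        print("add route", net, "via", gw)
```

With /24 masks, 144 and 145 collapse into one /23, while 143 stays separate because it does not share that prefix boundary.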



