1: the machines are on the same subnet
2: i tried to use address translation on solaris, but i am not sure it is
working
Well let me make the setup a little clearer,
i have a firewall on
ip address 212.16.227.146
and second interface 212.16.227.147
then .147 address is connected to a internal HUB, that the rest of the
machines are on, and then .146 is connected to the ADSL router, and then DNS
is provided by the provider, something like 195.82.0.0 ,
Now the firewall can see the internet, and everything,
I have installed a rule, any : any : drop : short.
and then just to see if i could get on the firewall , i added a rule
epppc127 on address 192.168.1.150 , to be accepted by anything on the
firewall.
then i try to ping the firewall nothing,
now the internal setup of the machines, must it be
gateway address: the .147 address on the firewall
DNS : the firewall ? or my provider ?
or i could setup the internal machines up with the statis ip address that my
provider gave me,
so all machines have the static address of 212.17.227.0
and then DNS , then providers dns addresses
and gateway the internal address of the firewall.
when i try this setup , the machines can't see the firewall as being there
gateway , i think this has to do with the routing on the firewall, i am
running solaris 2.7 . dual ethernet cards .
Could someone , tell me how i need to setup my whole network if i have these
details,
Statis Address range from provider 212.17.227.0 .110
DNS servers from provider 195.82.0.0
ADSL router address from Provider 212.17.227.145
I am sorry if this message is a little confusing.
>===== Original Message From "Thomas Stala" <[EMAIL PROTECTED]> =====
>1. same subnet or different?
>2. are you using address translation.
>3. if the internal net is 10 addressing and the new ip address's are
>something else they can not be placed on the internal subnet which is
>different.
>4. I would not allow the firewall to be pinged from anywhere. I would drop
>ping rule 0 except from a few select machines I always work from. But I
>would not let the CEO of a company ping the firewall.
>5. The new IP addressing I am guessing you are using them for mail web and
>stuff. you should setup static IP addressing. if this is NT U need to create
>a local.arp file for the NT box to arp out.
>Solaris does not use this to arp to the IP address. Do not add these IP's to
>the firewall interface as a second IP address.
>
>well I hope this helps some I am not awake yet.
>
>
>
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of
>> benjamin.c
>> Sent: Saturday, September 09, 2000 2:25 AM
>> To: [EMAIL PROTECTED]
>> Subject: [FW1] Firewall-1 Setup And Install
>>
>>
>>
>> Hi All
>>
>> I have come into a problem,
>> i just got my static ip address given to my from my provider,
>> and now i would like to put these onto the local lan,
>> so that the machines can then go out to the internet,
>>
>> now i have taken 2 of them for the firewall , lets say they were
>> 10.10.10.1
>> and 10.10.10.2 , and then rest i am going to distribute among
>> the machines,
>> now i can get the firewall up and running, and then it cna see
>> the internet,
>> and then dns works great, and it can ping on of the windows
>> machines that i
>> have setup on the internal lan, lets say 10.10.10.4 . but the
>> windows machine
>> can't seem to ping the firewall on the internal interface,
>> it seems strange to me, does anyone think that this might be
>> something to do
>> with the firewall, or is it something with the solaris setup, ............
>>
>> so when i make the windows machines default gw, as the internal
>> interface of
>> the firewall, it does not see it, and then it can't go onto the internet,
>>
>> but if you snoop the firewall using the ip address 10.10.10.4 of
>> the windows
>> machine, and then get it to ping an ip address on the internet,
>> you can see
>> the firewall sending an echo out , but nothing else, the windows
>> machine times
>> out.
>>
>> sorry about this being so long,
>>
>> Ben C
>>
>> System Administrator
>> http://www.Apocolips.org.uk
>>
>> ( ) ( ) ( ) ( ) ( )
>>
>>
>>
>> ==================================================================
>> ==============
>> To unsubscribe from this mailing list, please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> ==================================================================
>> ==============
>
>
>
>=============================================================================
===
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>=============================================================================
===
System Administrator
http://www.Apocolips.org.uk
( ) ( ) ( ) ( ) ( )
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
