Howdy!
We are setting up a DMZ area for several of our servers. I went through
everything I could find at Phone Boy's, and at Checkpoint, but it just is
not working. Here is our setup (with the real IPs changed to protect the
innocent).
We are running Checkpoint Firewall-1, 4.1 SP1, on a Solaris box, running
SunOS 2.6, with the latest service packs.
We have a class C address, 1.2.3.x, which comes into a Cisco 2621 router.
The FE0/0 interface is 1.2.3.20, 255.255.255.0. This goes to the Firewall
on QFE1, which has an address of 1.2.3.1/255.255.255.0. The inside
interface, QFE0, is 10.1.0.1/255.255.0.0 (we are using that Class A
address, with headquarters using the 10.1.x.x Class B address). The third
interface, which will be the DMZ interface, is QFE2, and I addressed it as
1.2.3.2/255.255.255.0. It goes out to a 10/100 Switch, with 4 machines.
The first is an SMTP server, 1.2.3.3, the second is a Domino server,
1.2.3.10, the third is an NNTP server, 1.2.3.30, and the fourth is a
mainframe, 1.2.3.51.
I put ARP entries on the 1.2.3.1 interface, arping each of the DMZ machines
to that interface. I made each machine on the DMZ have a default gateway
of 1.2.3.2, and put routing statements in Solaris pointing each IP
address to the 1.2.3.2 interface. I created rules allowing each of those
machines to have ALL -> address, and address -> ALL for the ports that they
needed.
The log shows an accept coming into the machine on the rule that allows,
then a deny on rule 0.
Where did I get lost?
Thanks in advance
James
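The topology in the post puts two firewall interfaces (QFE1 at 1.2.3.1/24 and QFE2 at 1.2.3.2/24) on the same /24, which is the first thing to look at when a packet is accepted by an explicit rule and then dropped on rule 0 (in FireWall-1 logs, rule 0 is where drops not made by an explicit rule show up, anti-spoofing among them). The script below is an added example, not part of James's post or of Check Point's own tooling: it models his interfaces, host routes and DMZ hosts as he listed them and checks two things, whether the kernel's longest-prefix lookup can even pick one interface for the router's address, and whether a packet passes a per-interface anti-spoofing check. The anti-spoofing model (inside interfaces claim their connected network, the external one is "Others") is an assumption about how his objects are configured, since the post does not say; the `FIXED` renumbering is hypothetical and only shows what a non-overlapping layout looks like.

```python
import ipaddress

# Constructed from the post: FireWall-1 interfaces, router and DMZ hosts as
# James describes them (the addresses are already his substituted ones).
INTERFACES = {
    "qfe1": "1.2.3.1/24",   # external, facing the Cisco 2621 at 1.2.3.20
    "qfe0": "10.1.0.1/16",  # internal
    "qfe2": "1.2.3.2/24",   # DMZ, same /24 as qfe1
}
ROUTER = "1.2.3.20"
DMZ_HOSTS = ["1.2.3.3", "1.2.3.10", "1.2.3.30", "1.2.3.51"]

# Hypothetical renumbering (not from the post) with no overlapping subnets:
# a /28 for the firewall-router link, a /27 for the DMZ hosts.
FIXED = {
    "qfe1": "1.2.3.17/28",
    "qfe0": "10.1.0.1/16",
    "qfe2": "1.2.3.33/27",
}


def routing_table(interfaces, host_routes=()):
    """Connected route for each interface plus explicit /32 host routes, the
    way the poster's Solaris "route add" statements would add them."""
    table = [(ipaddress.ip_interface(a).network, n) for n, a in interfaces.items()]
    for host, iface in host_routes:
        table.append((ipaddress.ip_network(host + "/32"), iface))
    return table


def lookup(table, dst):
    """Longest-prefix match. Returns (interface, ambiguous); ambiguous is True
    when two different interfaces tie on the best prefix, which is exactly
    what two interfaces configured on the same subnet produce."""
    dst = ipaddress.ip_address(dst)
    best, best_len = [], -1
    for net, iface in table:
        if dst not in net:
            continue
        if net.prefixlen > best_len:
            best, best_len = [iface], net.prefixlen
        elif net.prefixlen == best_len:
            best.append(iface)
    if not best:
        return None, False
    return best[0], len(set(best)) > 1


def overlapping_interfaces(interfaces):
    """Pairs of interface names whose connected networks overlap."""
    items = [(n, ipaddress.ip_interface(a).network) for n, a in interfaces.items()]
    return [(a, b) for i, (a, na) in enumerate(items)
            for b, nb in items[i + 1:] if na.overlaps(nb)]


def antispoof_groups(interfaces, external):
    """Valid-address sets in the usual FW-1 style (an assumption: the post does
    not say how anti-spoofing is configured): every inside interface claims
    its own connected network, the external interface gets 'Others'."""
    groups = {n: [] for n in interfaces}
    for n, a in interfaces.items():
        if n != external:
            groups[n].append(ipaddress.ip_interface(a).network)
    groups[external] = ["Others"]
    return groups


def source_allowed(interfaces, external, ingress, src):
    """Would a packet with source `src` arriving on `ingress` pass the
    per-interface anti-spoofing check modelled in antispoof_groups()?"""
    groups = antispoof_groups(interfaces, external)
    src = ipaddress.ip_address(src)
    if ingress == external:
        # 'Others': anything not claimed by some other interface.
        claimed = [net for n, nets in groups.items() if n != external for net in nets]
        return not any(src in net for net in claimed)
    return any(src in net for net in groups[ingress])


if __name__ == "__main__":
    table = routing_table(INTERFACES, [(h, "qfe2") for h in DMZ_HOSTS])
    print("overlapping interfaces:", overlapping_interfaces(INTERFACES))
    print("route to DMZ host 1.2.3.3:", lookup(table, "1.2.3.3"))
    print("route to router 1.2.3.20:", lookup(table, ROUTER))  # tie qfe1/qfe2
    print("router as source on qfe1 passes anti-spoofing:",
          source_allowed(INTERFACES, "qfe1", "qfe1", ROUTER))
    print("after renumbering:", overlapping_interfaces(FIXED),
          lookup(routing_table(FIXED), ROUTER))
```

Run as-is, the model shows the two consequences of the shared /24: the per-host routes do send 1.2.3.3 out qfe2, but the router's own address still ties between qfe1 and qfe2, so the firewall has no unambiguous path back toward the Internet; and under the "Others"-on-external model, anything sourced from 1.2.3.0/24 arriving on qfe1, the router included, is a spoof because the DMZ interface claims that whole network. Neither result proves that this is the rule 0 drop in James's log, but both disappear in the renumbered layout, which is the check a practitioner would want before touching the rulebase.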
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================