Hello all. I am trying to get my first Firewall One Box up and running
and into production and have run into some problems. Unfortunately I
am stuck with getting this to work on NT; our budget constrained us
from using a Nokia box, which would have been my preference.
What appears to be happening is that packets are not being forwarded
between my internal and external interfaces. After fairly extensive
troubleshooting I narrowed this down to it being an NT problem and not
a Firewall-1 problem as I can duplicate the behaviour exactly whether
FW-1 is installed or not. I may be missing something very basic here
as I'm new to this arena but any help offered would be greatly
appreciated.
Here's the skinny: we initially need to get this firewall set up
without using NAT due to some processes that need to be tested before
it is implemented. Additionally, to avoid too many X factors I want to
get the firewall implemented in as secure but as simple a fashion as
possible to start.
Here's an example of what my current layout is:

Internet --- Router --- External IF --- Internal IF --- LAN

Device        IP Address      Subnet Mask      Gateway
Router        38.164.193.1    255.255.255.0
External IF   38.164.193.3    255.255.255.0    38.164.193.1
Internal IF   38.164.193.4    255.255.255.0    None
LAN           38.164.192.0    255.255.255.0    38.164.192.4

After checking and rechecking details it seems as if I did configure
things properly but my gut tells me I'm missing something basic. I can
ping the Internal IF from the LAN but can't pass traffic past that card.
From the NT Box I can ping both internal cards, the Router and machines
out on the Internet. Allow IP forwarding is checked in IP properties in
NT.
If I put the Internal IF and the Workstations on the LAN onto a
different network, say 10.10.10.0/24 the NT box will pass the traffic,
but I'm not at a stage where I can rework our entire Network and
implement NAT all at the same time.
Any thoughts? Am I being dumb here or am I just missing some basic
understanding of how routing works? Any help would be greatly
appreciated. This mailing list has certainly helped greatly in getting
me at least to this point. Thanks again.
Geoff