To the guy who doesn't identify himself,
> You mean FireWall-1 System's?
>
> * Disable ip-forwarding for one on the destination pcs
>
> So then all Internet Connection will be losted
>
No, off course not. Learn to read, it says destination pcs, not FW-1
machine.
"Disable ip-forwarding for one on the destination pcs."
Ip forwarding could be enabled on one of the destination pcs and that can
cause the trouble.
Is this the case?
> Hi,
>
> >
> > Have anybody out there encountered this prolem ? I have a
> > FW 4.1 (running
> > on Solaris 2.6 ) and I have 50 licences. I have 30 PC with 1
> > NIC card each.
> >
> > Recently I can't login to FW via console. The following
> > error apperas :
> You mean login remotely, if you can't login from the console
> attached to
> the
> server that's severe.
>
> >
> > Nov 7 10:21:59 wt-iadvantagefw unix: FW-1: too many internal
> > hosts (103)
> > detected
> > Nov 7 10:21:59 wt-iadvantagefw unix: (202.85.99.140
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.128
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.234.4
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.126.45
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.25
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.9
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.163.5
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.3
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.2
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.1
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.34.241
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 169.254.248.249
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.183.36
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.189.101.160
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.81
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 209.178.166.180
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 202.85.161.70
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 208.163.139.149
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.104
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.105
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.106
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.107
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.109
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.110
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.111
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.168.98
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.101
> > Nov 7 10:21:59 wt-iadvantagefw unix: , 192.168.128.102
> >
> > Please help. I am not sure why some external IP appears .
>
> The firewall sees all these hosts as being internal. If you see some
> external hosts among the addresses it could be something that I once
> had.
> Check to see if none of your PCs has several interfaces or
> has different
> addresses defined on the same interface and has IP forwarding on.
> Then, when a packet reaches your PC's interface with an destination
> address
> different from the default one, the packet will be sent back on to the
> network where it is spotted by fw1 and since the packet's
> source address
> is
> the address of the real external client, the fw thinks there's a new
> host on
> the internal network and increments its hostcount.
> Disable ip-forwarding for one on the destination pcs.
> Then clean the hosts tables by stopping the fw (fwstop), deleting
> database/fwd.h & database/fwd.hosts and restart the fw (fwstart).
> Now check with 'fw lichosts' to see if any new hosts are
> added after you
> hopefully solved the problem on your destination pcs.
>
> Hope this helps,
>
> Guy Zelck
> EDS, E.Solutions Benelux
> Database- & Unix System Administrator
>
> Tel: +32 (0)2 - 711.39.43
> Fax : +32 (0)2 - 711.39.47
> Email: [EMAIL PROTECTED]
>
>
>
>
>
> ==============================================================
> ==========
> ========
> To unsubscribe from this mailing list, please see the
> instructions
> at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==========
> ========
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
