1. The FreeBSD should have IP forwarding configured.
2. The FreeBSD should have the firewall as its default gateway, and NO
other static routes present.
3. The FreeBSD should have the netmasks configured properly.
4. The firewall should be configured NOT to apply NAT between the local
networks.
5. You should add "route add -p 192.168.1.0 mask 255.255.255.0 10.1.0.1" on
the Firewall, assuming 10.1.0.1 is the gateway to the 192.168 network.
6. The default gateway for the 192.168 network should be 192.168.1.1 (the
FreeBSD).
HTH
Michael.
-----Original Message-----
From: Philip Parle [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 2:02 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Routing problems with between Firewall-1 and NT
Hi.
Can anybody please tell me if I am missing something basic here?
Here is a model of our network:
Internal network
Internet &
Default Gateway ---------
-------- 192.168.1.0/24
| ---------
| |
| |
192.x.x.x/24 |
| 192.168.1.1
10.0.0.0/16 ---10.0.0.1 - Firewall |
Checkpoint - 10.1.0.2 --------10.1.0.1 FreeBSD
V 4.0
| --------
172.16.1.1 10.1.0.0/24 link to
| -------- another site
|
|
|
----------
172.16.1.0/24
----------
DMZ
The firewall has 4 cards in. The default gateway is the external card. The
DMZ zone and the internal network all work fine. Recently we have installed
another card to allow us to access the 193.168.1.0 network on through the
interface 10.1.0.2. On the firewall any machine or the gateway for the 192
network can be accessed without a problem.
From behind our firewall no machine can access this network. Any packet by
default gets sent to the default gateway and returns some unreachable
address outside. Am I right in assuming that this means that the packet is
being passed to the default gateway for routing?
We thought that a static route was needed to access this network:
and the reverse on the FreeBSD.
something like:
route add 192.168.1.0 mask 255.255.255.0 10.1.0.1
This allows routing from the FreeBSD to our network, but unfortunately not
for us.
We have tried a number of other combinations with no luck.
We used netmon on the firewall to take some sample data and analysed the
packets bound for the 192 network. The short of it was no routing
information present.
Is there a limitation of NT that I am missing here (or is it just a limitation
of my throbbing brain)?
Any advice would be greatly appreciated and warmly welcomed.
Thanks.
Philip
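
An added example, not part of either message: a small Python model of the firewall and FreeBSD routing tables from the thread, tracing the forward and return paths with and without the static route from step 5 and the default gateway from step 2. The hosts 10.0.5.20 and 192.168.1.50 are constructed, and the firewall's external gateway is modelled as the label "internet" because the thread elides its address.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start` until delivery or exit from the model."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop == "direct":
            return path + ["delivered"]
        if hop not in tables:
            return path + [hop or "no-route"]
        path.append(hop)
        node = hop
    return path + ["loop"]

def build(fw_static_route, bsd_default_gw):
    """Routing tables for the two routers in the thread's diagram."""
    fw = [("10.0.0.0/16", "direct"), ("10.1.0.0/24", "direct"),
          ("172.16.1.0/24", "direct"),
          ("0.0.0.0/0", "internet")]  # external gateway; address elided in the thread
    if fw_static_route:
        fw.append(("192.168.1.0/24", "freebsd"))  # step 5: via 10.1.0.1
    bsd = [("10.1.0.0/24", "direct"), ("192.168.1.0/24", "direct")]
    if bsd_default_gw:
        bsd.append(("0.0.0.0/0", "firewall"))  # step 2: default gateway 10.1.0.2
    return {"firewall": fw, "freebsd": bsd}

INSIDE, REMOTE = "10.0.5.20", "192.168.1.50"  # constructed sample hosts

def round_trip(fw_static_route, bsd_default_gw):
    """Forward path from the firewall and return path from the FreeBSD box."""
    t = build(fw_static_route, bsd_default_gw)
    return trace(t, "firewall", REMOTE), trace(t, "freebsd", INSIDE)

if __name__ == "__main__":
    for fw_rt, bsd_gw in [(False, False), (True, False), (True, True)]:
        fwd, ret = round_trip(fw_rt, bsd_gw)
        print(f"fw route={fw_rt!s:5} bsd gw={bsd_gw!s:5} "
              f"forward={' > '.join(fwd)}  return={' > '.join(ret)}")
```

Without the firewall's static route the 192.168.1.0/24 packet matches only the default route and leaves toward the external gateway; with it but without a default gateway on the FreeBSD box, the request arrives and the reply has no route back.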
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================