>A couple of servers are being statically NATed on our firewall. I can
>ping these servers by their public IP addresses on the firewall itself.
>But I cannot ping these servers by their public IP on the internal LAN.
>
>Why is that?

At a guess...

Host A, being the pinger, sends its ping out through its default route, which
reaches the firewall.
Firewall takes ICMP echo request packet, NATs it, and forwards it to Host B.
Host B goes 'ah, I have a packet from Host A' and then sends an ICMP echo reply
to host A.
BUT because host A is on the same subnet as host B, the echo reply doesn't get to
the firewall, and thus doesn't get NATed back so host A actually recognises it.

You can check this by running a 'snoop' on your local machine, and doing the
ping. I'm guessing you will see a response, but not from the _external_ IP
address of host B.

--
Ed Rolison
Systems Admin
ER706-RIPE
[EMAIL PROTECTED]
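
The packet path described in the reply above, modelled as an added example (not part of the original message). All addresses, the NAT table and the function names are constructed for illustration; the run from an outside client is added for contrast and goes beyond the case in the post.

```python
import ipaddress

# Constructed addresses (private and documentation ranges), not from the post.
LAN = ipaddress.ip_network("192.168.1.0/24")
HOST_A = ipaddress.ip_address("192.168.1.10")     # the pinger on the internal LAN
HOST_B = ipaddress.ip_address("192.168.1.20")     # the statically NATed server
B_PUBLIC = ipaddress.ip_address("203.0.113.20")   # host B's public (NAT) address
OUTSIDE = ipaddress.ip_address("198.51.100.7")    # a client beyond the firewall
STATIC_NAT = {B_PUBLIC: HOST_B}                   # firewall's static NAT table


def firewall_forward(pkt):
    """Translate the destination of a packet; the source is left untouched."""
    return dict(pkt, dst=STATIC_NAT.get(pkt["dst"], pkt["dst"]))


def reply_path(src, dst):
    """Hosts deliver on-link traffic directly and send the rest to the gateway."""
    return "direct" if src in LAN and dst in LAN else "via-firewall"


def ping_via_public_ip(pinger):
    """Follow one echo request to B's public address and the reply back."""
    request = {"src": pinger, "dst": B_PUBLIC, "type": "echo-request"}
    at_b = firewall_forward(request)              # dst is now B's real address
    reply = {"src": at_b["dst"], "dst": at_b["src"], "type": "echo-reply"}
    path = reply_path(reply["src"], reply["dst"])
    if path == "via-firewall":
        # Only replies that cross the firewall get their source translated back.
        reverse = {real: public for public, real in STATIC_NAT.items()}
        reply["src"] = reverse.get(reply["src"], reply["src"])
    # The pinger matches a reply only if it comes from the address it pinged.
    accepted = reply["src"] == request["dst"]
    return {"path": path, "reply_src": reply["src"], "accepted": accepted}


if __name__ == "__main__":
    for who in (HOST_A, OUTSIDE):
        print(who, ping_via_public_ip(who))
```

The internal run shows what the suggested 'snoop' check should reveal: a reply whose source is host B's real address rather than the public one that was pinged.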