I have installed fw1-41 (standalone) on my Sun
ultra OE Solaris8, which all went well.
My fw1 has two NICs, one hme0 and one lane0, where the
hme0 is connected to my internal net with private
ip-addresses and my lane0 card is connected to the
external network.
Here I want to protect my internal net and also do
a hiding NAT where I use the public ip-address
from lane0 to route the packets on the external net.
This is where my problems start: however I try to configure
my firewall, nothing seems to happen with
the packets. For example, when I try to ping a computer
on my external net from my internal net, it does not
translate the address.
I think that is the simplest configuration and
there should not be any problems.
In network object I have configured:
internal-net (internal, broadcast allowed, automatic
NAT and hide)
external-net (external, broadcast allowed)
firewall (internal, gateway, 2 nic, vpn&fw-1
modules)
This generates my NAT Standard, which seems to be ok.
In my Security policy standard rule no.1 says:
source: internal-net
destination: external-net
service: any
action: accept
install on: all
time: any
That is my first basic configuration which I
want to test.
Other things to know:
I have enabled fw-1 in startup. At boot or when I
run /opt/CPfw1-41/fwstart it says
"fetching security policy from local host failed"
When I run /opt/CPfw1-41/fwpolicy it says
"
Wind/U Warning (270): Individual setting of locale environment
variables unsupported (LC_CTYPE); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment
variables unsupported (LC_NUMERIC); set LANG instead.
Wind/U Warning (270): Individual setting of locale environment
variables unsupported (LC_TIME); set LANG instead.
OLE API Function CoCreateGuid is not currently implemented.
Further warnings will be suppressed
"
Last thing, my .profile in root is
FWDIR=/opt/CPfw1-41; export FWDIR
PATH=$PATH:$FWDIR/bin:/usr/local/bin:/usr/sbin; export PATH
MANPATH=/usr/man:$FWDIR/man:/usr/local/man; export MANPATH
I hope I have described my situation and configuration
well enough and hope that maybe someone can advise me
on what to do.
Thanks a lot.
Andreas Olsson
-------------- End Forwarded Message --------------