Hello all,

I'm doing a security implementation on a large network. The network has been segmented in too many subnets and we're doing NAT to provide outside access to the servers that provide Internet services. We're using Firewall-1 Next Generation on Nokia IP 530 (IPSO).

The issue is: there are some machines on the internal network doing static NAT from internal to external IP address. Sometimes when we try to ping the static NAT address of one of these machines from the management network, we get a reply from the host but coming from its real IP (invalid one). If I try to ping again, the reply comes with the external IP address (the address that I've used to do the static NAT).
It happens only with machines that are connected to the LAN. When I try to ping the NAT address of a server located on the DMZ, the reply always comes with the NAT address (external, valid IP).

Another concern is about these Firewall-1 messages that print every time on the IPSO screen:

Jun 25 19:04:55 firewall-NG [LOG_CRIT] kernel: h_slink: link already exists
Jun 25 19:04:55 firewall-NG [LOG_CRIT] kernel: FW-1: fwconn_init_links: ld_slink(cls_o) failed <1,c0a80608,0,aa0a015f,200,1> -> <0,aa0a015f,200,c8f24607,0,6ca0>
Jun 25 19:04:55 firewall-NG [LOG_CRIT] kernel: FW-1: fw_conn_post_inspect: fwconn_init_links failed

Can someone tell me why Firewall-1 prints these messages? I've found on a Firewall-1 mailing list that these messages can be safely ignored, but I can't believe it. I just want to understand what these messages are trying to tell us...

Thanks in advance.

Kind Regards;
[]'s

--
Alexandre Freire, SANS GCFW
Security Analyst - Modulo Security Solutions
Rio de Janeiro - RJ - Brasil
Tel.:(21) 2206-4706
Mailto:[EMAIL PROTECTED] - www.modulo.com.br
-----------------------------------------------------
The information contained in this message and in the attached files is restricted, and its confidentiality is protected by law. In case you are not the addressee, be aware that the reading, spreading and copying of this message is unauthorized. Please delete this message and notify the sender. The improper use of this information will be treated according to the company's internal rules and legal laws.
