help! please!

[pascalreischl]

hello everybody,

first offall, sorry for my bad english

i have worked with lots of firewalls before - specialy linux firewalls iptabels&ipchains. but i just changed job and i have to administrate an nokia checkpoint firewall-1 now.

it is quite simple - as unix is ;-)

but have one prob. i can't solve or even unerstand:

we have on (external) iprange. with 16 ips.
they all where bound on the hardwareadr. of the firewall so it could nat them to internal servers. i took one of the adresses out off this "bindings" to use it for an real external test server.

from external (e.g. at home) i can reach the server without any probs. the server has full internet access and everything works.

the prob is i can't reach the server form internal (inside the firewall protectet web) any traceroute or ping ends at the firewall. :-(

th firewall has no rule to nat this adress interaly or somthing like this.

what could be wrong?
please help me

so long
pascal

 

[ChrisAC]

Try looking at the firewall logs to see if the traffic from the internal network to the server is being dropped. You will need to log your rules to see this.

By default Firewall-1 drops ALL traffic and so you have to taylor the rules specifically to your needs.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[Piloria]

what version of Firewall 1 are you using?
NG FP2 has a bug that wont allow pings or traceroutes through (even if the rules allow)