
Problem with getting through to the internet

Status
Not open for further replies.

mquinn0908

Technical User
Jul 3, 2002
335
US
I recently received a Firebox 700 and I set up the trusted and external interfaces and as soon as I go to my client machines and put in the trusted interface for the gateway I can no longer access the internet. We have a DSL router and it is connected to our external interface. When I go back to the client and put in the router's IP address for the gateway I can get on the internet. What am I doing wrong?

When I have the firewall's trusted interface address on the client for the gateway and then I try to browse the internet all it does is sit there until it times out and then I get a page can't be displayed message.
 
What do you have the Firebox's gateway set to? It should be set to the router's IP.

AM

 
The gateway for the firebox is set to the external ip address of the router.
 
If your router is doing NAT, then you need to set the gateway to the router's internal address.
 
My router is using NAT and when I try to set up the gateway on the firewall to the internal ip address of the router then I get the following error message:

The default gateway must be an IP address within the external subnet.
 
The subnet and subnet mask of the internal interface of your router and the external interface of your FB should match.
 
You have me confused. I'm not quite following you. Can you give me an example? Thanks.
 
Ok here is my setup and see if you see anything wrong with it.

My firebox is set up in routed mode and is sitting behind the router and is inside the network. The subnet mask of the internal interface of the router and the subnet mask of the external interface of the FB do match. I have an internal and external ip address set up on the router and the external ip address of the router is the gateway set up on the FB.

I have the external interface set with a static ip address given to me by my ISP. I have a cross over cable from the external interface to the router (currently no link light on interface and cannot ping the address).

My router has another static ip address that was given to me by my ISP assigned to it and there is a cross over cable running from the router to a switch.

I have the trusted interface set with a static ip address of my internal network and there is a straight through cable going from that interface to a switch (link light is up on this interface and I can ping the address).

When I change the ip address of the gateway on the client to the ip address of the trusted interface and try to browse the internet I can look at the firewall log and see an entry that says allow and then the page just sits until it times out and then I go back to the log and I see another entry that says error while sending/receiving; server not responding.
 
I have added a nat entry on my firebox from the trusted interface to the external interface and now when I try to browse the internet the page immediately comes back as "cannot find server" and when I look at the log I get the following entry:

16998 04/02/03 10:33:11 http-proxy[122] [100.100.69.229:1260 64.236.24.4:80/] Error while sending/receiving: Can't receive data from server (No route to host)
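
The addressing rules the replies in this thread give (the Firebox external interface shares subnet and mask with the router's internal interface, and the default gateway is the router's internal address and lies inside the external subnet) can be checked before touching the device. This is an added example, not part of the original thread and not WatchGuard code; the function name and every address in it are constructed for illustration.

```python
import ipaddress

def check_firebox_external(router_inside, firebox_external, default_gateway):
    """Return a list of addressing problems; an empty list means the settings agree.

    router_inside and firebox_external are 'address/prefix' strings and
    default_gateway is a bare address. All names here are hypothetical.
    """
    router = ipaddress.ip_interface(router_inside)
    fbox = ipaddress.ip_interface(firebox_external)
    gateway = ipaddress.ip_address(default_gateway)
    problems = []

    # Thread advice: subnet and mask of the router's internal interface
    # and of the Firebox external interface should match.
    if router.network != fbox.network:
        problems.append(f"router inside network {router.network} does not match "
                        f"Firebox external network {fbox.network}")
    # The condition behind the error message quoted in the thread.
    if gateway not in fbox.network:
        problems.append("The default gateway must be an IP address "
                        "within the external subnet.")
    # Thread advice for a NAT router: gateway = router's internal address.
    if gateway != router.ip:
        problems.append(f"default gateway {gateway} is not the router's "
                        f"internal address {router.ip}")
    # Two devices on one segment must not share an address.
    if router.ip == fbox.ip:
        problems.append("Firebox external address duplicates the router's address")
    return problems

# Constructed sample layouts (documentation and private address ranges).
CASES = {
    # ISP static on the Firebox, gateway set to the router's internal address
    "gateway_outside_subnet": ("192.168.1.1/24", "203.0.113.10/29", "192.168.1.1"),
    # ISP static on the Firebox, gateway set to the router's external address
    "gateway_is_router_outside": ("192.168.1.1/24", "203.0.113.10/29", "203.0.113.9"),
    # Firebox external moved into the router's internal subnet
    "consistent": ("192.168.1.1/24", "192.168.1.2/24", "192.168.1.1"),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(name, check_firebox_external(*args) or "OK")
```
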
 