Urgent - NT 4 Routing
07 August 2003, 04:48 PM
#1
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
Likes: 0
Received 0 Likes
on
0 Posts
Hi all
I have one of my guys in Italy trying to configure a checkpoint firewall...
NT routing is sha55ed I reckon.....IP forwarding is enabled but no IP traffic is going out through this server.
tried route -f & reboot, can you add static public IP data to the NT4 routing table ??
cheers
shunty
I have one of my guys in Italy trying to configure a checkpoint firewall...
NT routing is sha55ed I reckon.....IP forwarding is enabled but no IP traffic is going out through this server.
tried route -f & reboot, can you add static public IP data to the NT4 routing table ??
cheers
shunty
07 August 2003, 06:24 PM
#3
Scooby Regular
Join Date: May 1999
Posts: 424
Likes: 0
Received 0 Likes
on
0 Posts
Shunty,
NT4 or Win2K ?? If its NT4 - i'm not supprised as its a pile of poo with multiple nics and CP FW-1.
Wouldnt supprise me if its a problem with the binding order of the nics. You need to make sure the interface/IP that the firewall object has been created as, responds to 'hostname' at the command prompt. Better on NG, I must admit.
As for routes then yeh. All you need to use is 'route add -p destadd mask netmask nexthop metric' - obvoius I know
The -p make the route permanent upon reboots
Ids
NT4 or Win2K ?? If its NT4 - i'm not supprised as its a pile of poo with multiple nics and CP FW-1.
Wouldnt supprise me if its a problem with the binding order of the nics. You need to make sure the interface/IP that the firewall object has been created as, responds to 'hostname' at the command prompt. Better on NG, I must admit.
As for routes then yeh. All you need to use is 'route add -p destadd mask netmask nexthop metric' - obvoius I know
The -p make the route permanent upon reboots
Ids
what will they think of next.
07 August 2003, 06:43 PM
#5
Scooby Regular
Join Date: May 1999
Posts: 424
Likes: 0
Received 0 Likes
on
0 Posts
Steve
its been around ages.... and most large orgs have stopped using it.
Shunty
To be honest on Intel kit, you would be better off running Secure Platform which is a hardened RedTwat Linux. Far easier to manage than on Windows and more performant. For less experianced users there is a command menu system or browser interface, for the beardy, pony tailed, flip floppers there is the usual command line interface.
Better still get some Nokia appliances. They are sweeeet
If you need any more help then post it up... dont mind as I have sweated long and hard over bl00dy NT and FW1 combos' in the distant past.
Ids
its been around ages.... and most large orgs have stopped using it.
Shunty
To be honest on Intel kit, you would be better off running Secure Platform which is a hardened RedTwat Linux. Far easier to manage than on Windows and more performant. For less experianced users there is a command menu system or browser interface, for the beardy, pony tailed, flip floppers there is the usual command line interface.
Better still get some Nokia appliances. They are sweeeet
If you need any more help then post it up... dont mind as I have sweated long and hard over bl00dy NT and FW1 combos' in the distant past.
Ids
08 August 2003, 09:35 AM
#7
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
Likes: 0
Received 0 Likes
on
0 Posts
built a new server (different nics & cables) on NT with no firewall on just to test IP routing.
On both servers you can ping the external interface of the firewall from the internal clients & you can also ping the external interface of the firewall from the internet BUT no traffic can get in or out from this interface ???
got to be a routing issue ??
any other ideas
shunty
On both servers you can ping the external interface of the firewall from the internal clients & you can also ping the external interface of the firewall from the internet BUT no traffic can get in or out from this interface ???
got to be a routing issue ??
any other ideas
shunty
Trending Topics
08 August 2003, 01:33 PM
#9
Scooby Regular
Join Date: May 1999
Posts: 424
Likes: 0
Received 0 Likes
on
0 Posts
Shunty,
As Jeff says you need IP forwarding on. On NT4 there is a tab to tick, if its Win2K then a registry key.
My rule of thumb is get the box routng correctly before installing/activating the firewall applications.
Ids
As Jeff says you need IP forwarding on. On NT4 there is a tab to tick, if its Win2K then a registry key.
My rule of thumb is get the box routng correctly before installing/activating the firewall applications.
Ids
08 August 2003, 01:37 PM
#10
Scooby Regular
Join Date: May 1999
Posts: 424
Likes: 0
Received 0 Likes
on
0 Posts
Also...
If IP forwarding is on make sure that only one NIC has a default gateway configured (on the Interface properties). This is usually your 'outside' interface facing out to the Internet.
All other routes need to be configured as statics. On W2K its not so bad (and sometimes works) but NT4 it can cause some issues if more than 1 NIC has a default gateway.
Ids
If IP forwarding is on make sure that only one NIC has a default gateway configured (on the Interface properties). This is usually your 'outside' interface facing out to the Internet.
All other routes need to be configured as statics. On W2K its not so bad (and sometimes works) but NT4 it can cause some issues if more than 1 NIC has a default gateway.
Ids
11 August 2003, 11:44 AM
#11
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
Likes: 0
Received 0 Likes
on
0 Posts
thanks guys, but yes I have IP forwarding enabled & nics are correct with only 1 gateway
I asked for the new router config from the ISP, old config had static routes etc.....
cheers
shunty
I asked for the new router config from the ISP, old config had static routes etc.....
cheers
shunty
Thread
Thread Starter
Forum
Replies
Last Post