NT Gateway Routing Problem

By fanchant ·
I am preparing an NT server to run Checkpoint's Firewall software. Prior to installing any of the Checkpoint software, Checkpoint recommends you test the routing in general to make sure it's working. It's not.
The firewall has two NIC cards. The external NIC is 209.x.x.14/mask 255.255.255.240/gateway 209.x.x.1.
The internal NIC is 172.16.20.10, mask 255.255.255.0, no gateway.
I have the internal NIC attached to a hub. I have a PC attached to the hub. The NIC info on the PC is 172.16.20.123, gateway 255.255.255.0, gateway 172.16.20.10.
I can ping the internal and external cards on the gateway machine from the internal PC. I can connect to the internet from the gateway. I CANNOT connect to the internet from the PC. Trying to ping anything past 209.x.x.14 gets 'request timed out' error. A tracert from the PC to an internet DNS server returns > 172.16.20.10, then times out.
I have added a route statement
172.16.20.0 255.255.255.0 172.16.20.10 172.16.20.10.
IP Forwarding is enabled.
Any ideas? I presume it's something in my routing table but don't know what at this point.

NT Gateway Routing Problem

by Carol In reply to NT Gateway Routing Proble ...

Hi, I'm unfamiliar with the Checkpoint Firewall software. If I understand correctly, these are pre-installation settings you're talking about? Or have you already installed the software?

I have created Routers with Windows 2000, WinXP, and have used MSProxy Server 2 quite a bit. The TCP/IP settings you've detailed are sounding reasonable for a "Proxy" server. On a proxy server, the internal NIC would not have a gateway listed within it, assigning it a gateway would defeat the purpose of the firewall. The External card is assigned the external IP, as assigned by the ISP, along with the gateway (also assigned by ISP).

What I'm wondering here is if the Checkpoint software offers a "client" application in which the PC's on the inside of your LAN, should have installed?

With Proxy Server for instance.. this is the Proxy Server Client software. Any such application?

NT Gateway Routing Problem

by fanchant In reply to NT Gateway Routing Proble ...

These are pre-installation tasks.
Yes, in a way the firewall functions as a proxy server.
No, no client applications. This SHOULD work, but for some reason I am missing it doesn't.

NT Gateway Routing Problem

by curlergirl In reply to NT Gateway Routing Proble ...

Um - this may be too simplistic, but sometimes we just gotta start with the basic questions. Is there any packet filtering enabled on the router while you're doing this testing? If there is, usually ICMP packets like ping and tracert are the first to be filtered out by default, so you would not be able to run either from your internal PC. You say you cannot "connect" to the Internet, but only mention using ping and tracert. Have you tested just basic browsing? If that doesn't work, the next question is - how are you doing name resolution? Internet or external DNS? Does the internal PC have a setting for a DNS server that will enable it to resolve names for web sites? Additional replies will solicit additional attempts on my part to help you solve this!! Hope this helps!

NT Gateway Routing Problem

by fanchant In reply to NT Gateway Routing Proble ...

No, no packet filtering. Cannot connect to any websites from the internal PC. The DNS server is external to the network (provided by our ISP). Obviously, if the packets are not getting routed out past the gateway the DNS is moot. For some reason, the external NIC appears to not be forwarding packets BACK to the internal NIC, even though there's a route statement to do so.
I just know this is going to be one of those smack yourself in the forehead answers when it's answered ... :)

NT Gateway Routing Problem

by curlergirl In reply to NT Gateway Routing Proble ...

Ok - another basic I thought of - is the "Enable IP Forwarding" box checked in the network properties of the server?

NT Gateway Routing Problem

by fanchant In reply to NT Gateway Routing Proble ...

Yes. This is stated in the initial discussion.

NT Gateway Routing Problem

by Assamite In reply to NT Gateway Routing Proble ...

If you are able to ping both the internal and external IP addresses of the soon-to-be Firewall then the routing should be fine, you should not need to have a static route enabled on the Firewall. Few queries... Is the Checkpoint software installed? If so, did you have it control IP forwarding? Are you trying to ping outside the Firewall by IP or DNS? Can you ping the firewall's DF gateway from the PC? Do you have a DNS server with forwarders running on the internal LAN? Is this a fresh built hardened server or one that's been used for testing?
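An added example, not part of any post in this thread: a longest-prefix-match lookup over the gateway's routing table as the thread describes it, showing that the connected route already covers 172.16.20.0/24 (so the added route statement is a duplicate) and reporting whether a forwarded packet's source is RFC 1918 private space, which Internet routers do not carry. The 203.0.113.x and 198.51.100.53 addresses are constructed stand-ins for the elided 209.x.x values and the ISP DNS server, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the thread elides the public octets (209.x.x.14/28),
# so the documentation range 203.0.113.0/28 takes their place here.
EXT_NET, EXT_IP, EXT_GW = "203.0.113.0/28", "203.0.113.14", "203.0.113.1"
INT_NET, INT_IP, PC_IP = "172.16.20.0/24", "172.16.20.10", "172.16.20.123"

# (network, next hop, interface) for the gateway as the thread describes it.
ROUTES = [
    ("0.0.0.0/0", EXT_GW, EXT_IP),   # default route via the ISP gateway
    (EXT_NET, EXT_IP, EXT_IP),       # connected: external NIC
    (INT_NET, INT_IP, INT_IP),       # connected: internal NIC
    (INT_NET, INT_IP, INT_IP),       # the manually added route statement
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the route the gateway uses to reach dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def duplicate_routes(routes=ROUTES):
    """Entries that repeat an earlier route and so change nothing."""
    seen, dupes = set(), []
    for route in routes:
        if route in seen:
            dupes.append(route)
        seen.add(route)
    return dupes

def is_rfc1918(src):
    """True if src is private space that Internet routers do not carry."""
    return any(ipaddress.ip_address(src) in net for net in RFC1918)

def check_path(src, dst):
    """Summarise both directions of a flow forwarded through the gateway."""
    out, back = lookup(dst), lookup(src)
    return {
        "egress_interface": out[2] if out else None,
        "return_interface": back[2] if back else None,
        "source_is_private": is_rfc1918(src),
    }

if __name__ == "__main__":
    # Constructed destination standing in for "an internet DNS server".
    print(check_path(PC_IP, "198.51.100.53"))
    print(check_path(EXT_IP, "198.51.100.53"))
    print("redundant:", duplicate_routes())
```

The gateway's own table resolves both directions for either source; the only field that differs between traffic from the gateway and traffic from the PC is `source_is_private`.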

NT Gateway Routing Problem

by fanchant In reply to NT Gateway Routing Proble ...

Checkpoint was not installed at the time. No DNS server on the internal LAN (At that point, the internal LAN was the machine I was using to test!). Fresh built server. Could NOT ping anything past the ext Firewall card from the PC.

NT Gateway Routing Problem

by Assamite In reply to NT Gateway Routing Proble ...

What services are running on this firewall? PPTP, for example, can often set itself on one port on the gateway/router to drop all but PPTP. What service pack is this server up to? Have you attempted to disable IP forwarding, and then reboot, then re-enable and see if this helps? Are any error messages reported in the event viewer? Also, have you considered running some kind of sniffer on the 2 interfaces to see what's coming in and what the response is?

NT Gateway Routing Problem

by fanchant In reply to NT Gateway Routing Proble ...

Poster rated this answer
