[fw1-wizards] Re: SecuRemote problems related to routing
> I have the following situation:
>
> Web server - router - firewall (NG) -
> |
> | LAN - Default route
> |
> Desktop - firewall (4.0) -
>
> Web server: 10.6.1.100/16
> Router: 10.6.1.1 & 10.4.1.100/16
> firewall (NG): 10.4.1.1 & 216.254.108.156/27
>
> Desktop: 10.3.1.101/16
> firewall (4.0): 10.3.1.1 & 216.254.108.130/27
>
> I am trying to connect from the desktop system, using SecuRemote to the
> web server. The desktop is hide mode address translated behind the 4.0
> firewall at the IP 216.254.108.130. The problem is this: when I attempt to
> ping the web server (or use any other traffic for that matter), the
> requests time out. However, if I add a route to the NG box: route add -p
> 10.3.0.0 mask 255.255.0.0 216.254.108.156, everything works.
This sounds like correct behaviour to me. Unencrypted, the packets will have
your 10.3.1.101 address on the inside of your NG firewall. When attempting
to "route" the replies to 10.3.1.101 packets, the firewall will send them to
the default route, which is obviously the wrong place to send the packets.
The static route makes sure they get sent to the right place.
-- PhoneBoy
---------------------------------------------------------------------
FireWall-1 Wizards Mailing List (http://www.phoneboy.com/wizards/)
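
The routing decision described in the reply, as an added example that is not part of the original post: a longest-prefix-match lookup over the NG firewall's route table, before and after the static route. The interface networks and the static route come from the thread; the default gateway 10.4.1.254 and the function names are assumptions made for illustration.

```python
import ipaddress

# Route table of the NG firewall as (destination, gateway) pairs.
BASE_ROUTES = [
    ("0.0.0.0/0", "10.4.1.254"),        # default route; gateway is ASSUMED
    ("10.4.0.0/16", "on-link"),         # internal interface 10.4.1.1/16
    ("216.254.108.128/27", "on-link"),  # external interface 216.254.108.156/27
]
# Equivalent of: route add -p 10.3.0.0 mask 255.255.0.0 216.254.108.156
STATIC_ROUTE = ("10.3.0.0/16", "216.254.108.156")


def next_hop(routes, dst):
    """Longest-prefix match: return (matching prefix, gateway) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), gw


def falls_to_default(routes, remote_nets):
    """List remote networks with no route more specific than the default."""
    missing = []
    for cidr in remote_nets:
        net = ipaddress.ip_network(cidr)
        covered = any(
            ipaddress.ip_network(p).prefixlen > 0
            and net.subnet_of(ipaddress.ip_network(p))
            for p, _ in routes
        )
        if not covered:
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    client = "10.3.1.101"  # desktop address seen after decryption
    print("before:", next_hop(BASE_ROUTES, client))
    print("after: ", next_hop(BASE_ROUTES + [STATIC_ROUTE], client))
    print("needs a route:", falls_to_default(BASE_ROUTES, ["10.3.0.0/16"]))
```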