Firewall Wizards mailing list archives
Re: IBM Secureway Firewall 4.1
From: trall () almaden ibm com
Date: Wed, 8 Mar 2000 21:08:58 -0800
(Note - I have absolutely no experience with the NT firewall product.)
From the description it doesn't sound like a firewall or DNS problem; it sounds like a routing problem. What is the output from "netstat -nr"? Make sure it shows the default route (the route to 0.0.0.0) going out your world interface to your ISP's router (which it should). If it's a firewall issue, you should be able to determine the firewall rule that is blocking the traffic from your logs (at least you can on the AIX firewall). In general, it is a good idea to closely examine your logs when setting up a firewall, especially if it is not allowing traffic that you think it should.

Tony Rall

mrivera () mminet com@lists.nfr.net on 03/07/2000 05:13:27
Sent by: owner-firewall-wizards () lists nfr net
To: firewall-wizards () nfr net

I'm pretty new to the firewall world and am having trouble setting up Secureway on NT. Our goal is to migrate an existing (working) AIX IBM eNetwork firewall v3.2 over to NT running Secureway 4.1. I've installed NT server, DNS services, SP5 and the firewall config client. I manually recreated all of the rules that I simply documented from the AIX firewall. I have three interfaces: World, DMZ and Secure; all are configured with the same IP addresses as our existing AIX firewall. I've recreated the routing tables on NT.

On the AIX firewall, we somehow had it configured so that we did not need an internal DNS server; DNS is our secure interface on the firewall. With NT's version we're going to require an internal DNS server, an external DNS server, and the firewall itself will act as a "cache-only" DNS server.

When I bring our existing firewall down to test the NT firewall, this is what I get:

With rules deactivated:
- I can ping our AT&T router (World)
- I can ping our DMZ
- I can ping both network segments on our secure side
- I'm not able to ping beyond the AT&T router to an address that a friend has ping-enabled from the outside world. I'm not sure if I'm supposed to be able to do this???

With rules activated:
- I'm able to ping both network segments on our secure network
- I'm NOT able to ping the AT&T router
- I'm NOT able to ping the DMZ

I thought maybe it was a DNS problem; we just set up a DNS server and tried using it with this firewall. A friend suggested that DNS would not be the problem if I was not able to ping addresses beyond our AT&T router that allowed pings from the outside. He gave me an address of his to test this. Since ping was unsuccessful, I haven't a clue where to go from here. Help!
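The check Tony Rall suggests above, reading "netstat -nr" and confirming that the default route leaves through the World interface towards the ISP's router, can be scripted so it is not eyeballed. The following is an added example written for this archive page; it is not code from either poster or from IBM. It parses the NT 4 "netstat -nr" column layout (Network Address, Netmask, Gateway Address, Interface, Metric), and all addresses in it are constructed assumptions: World interface 192.0.2.10 with the ISP router at 192.0.2.1, DMZ interface 198.51.100.1, Secure interface 10.1.0.1, and a second secure segment 10.2.0.0/16 behind an internal router at 10.1.0.254. It goes one step beyond the advice by also doing a longest-prefix lookup, so you can ask which route an outside host (such as the friend's ping-enabled address) would actually take.

```python
import ipaddress

# Constructed sample of "netstat -nr" output in the NT 4 column layout
# (Network Address / Netmask / Gateway Address / Interface / Metric).
# Addresses are assumptions for the example, not the poster's real ones.
GOOD_ROUTE_TABLE = """\
Active Routes:
  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1       192.0.2.10       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        192.0.2.0    255.255.255.0       192.0.2.10       192.0.2.10       1
     198.51.100.0    255.255.255.0     198.51.100.1     198.51.100.1       1
         10.1.0.0      255.255.0.0         10.1.0.1         10.1.0.1       1
         10.2.0.0      255.255.0.0       10.1.0.254         10.1.0.1       1
"""

# Constructed broken table: the default route was recreated pointing at the
# internal router on the Secure interface. Directly connected networks still
# answer pings, but nothing beyond the ISP router is reachable.
BAD_ROUTE_TABLE = """\
Active Routes:
  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0       10.1.0.254         10.1.0.1       1
        192.0.2.0    255.255.255.0       192.0.2.10       192.0.2.10       1
         10.1.0.0      255.255.0.0         10.1.0.1         10.1.0.1       1
"""

WORLD_IF = "192.0.2.10"   # assumed address of the World interface
ISP_ROUTER = "192.0.2.1"  # assumed address of the AT&T (ISP) router


def parse_routes(text):
    """Return the routes as dicts of dotted-quad strings.

    A line counts as a route when its first four fields all parse as IPv4
    addresses; headers, separators and the interface list fail that test
    and are skipped.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            for f in fields[:4]:
                ipaddress.IPv4Address(f)
        except ValueError:
            continue
        dest, mask, gateway, iface = fields[:4]
        routes.append({"dest": dest, "mask": mask,
                       "gateway": gateway, "interface": iface})
    return routes


def default_route(routes):
    """The 0.0.0.0/0.0.0.0 entry, or None if the table has none."""
    for r in routes:
        if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0":
            return r
    return None


def check_default_route(routes, world_if=WORLD_IF, isp_router=ISP_ROUTER):
    """List what is wrong with the default route; an empty list means OK."""
    d = default_route(routes)
    if d is None:
        return ["no default route (0.0.0.0/0.0.0.0) in the table"]
    problems = []
    if d["interface"] != world_if:
        problems.append(f"default route leaves via {d['interface']}, "
                        f"not the world interface {world_if}")
    if d["gateway"] != isp_router:
        problems.append(f"default route gateway is {d['gateway']}, "
                        f"not the ISP router {isp_router}")
    return problems


def route_for(routes, address):
    """Pick the route the stack would use: the longest matching prefix wins."""
    target = ipaddress.IPv4Address(address)
    best_net, best_route = None, None
    for r in routes:
        net = ipaddress.IPv4Network(f"{r['dest']}/{r['mask']}", strict=False)
        if target in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, r
    return best_route


if __name__ == "__main__":
    for name, table in (("good", GOOD_ROUTE_TABLE), ("bad", BAD_ROUTE_TABLE)):
        routes = parse_routes(table)
        problems = check_default_route(routes)
        print(name, "default route:", "OK" if not problems else "; ".join(problems))
        # An outside host (203.0.113.5 stands in for the friend's address)
        # has to fall through to the default route to be reachable at all.
        print(name, "203.0.113.5 goes via", route_for(routes, "203.0.113.5")["gateway"])
```

Run it against the real table by piping "netstat -nr" output into parse_routes and substituting your own World interface and ISP router addresses. On the broken sample the script reports both the wrong outgoing interface and the wrong gateway, and shows the outside host being handed to the internal router; on the good one it reports OK and the outside host goes to the ISP router. A table that passes this check but still cannot reach past the ISP router with rules deactivated points away from the firewall host's own routing, which is when the firewall logs Tony Rall mentions become the next thing to read.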
Current thread:
- IBM Secureway Firewall 4.1 mrivera (Mar 08)
- <Possible follow-ups>
- Re: IBM Secureway Firewall 4.1 trall (Mar 13)