Hi Rick,
I am doing NAT for all hosts. They are all hiding behind a single
address. I have the following config:
inet -> cisco -> firewall-1 -> cisco -> several frame pvcs, a bri and an
ethernet port.
Most of the LANs at the other end of the PVCs are 10.*.*.* nets, a few
of our old registered class C's. The local Ethernet is a registered
class C. The busted host is on the local class C.
I have the following objects defined:
(network) internal_net 10.0.0.0 mask 255.0.0.0
(network) tmp_go_net (local class c address) 255.255.255.0
(network) several similar to tmp_go_net that are other class c's
(network) external_net (registered class c) 255.255.255.0
(host) broadcast_255 255.255.255.255
(host) multicast 224.0.0.1
Valid addresses for the internal interface include all our registered
class C's INCLUDING the external network IP (the one we're natting into),
the 10 network, broadcast_255 and multicast.
Valid addresses for the external interfaces are OTHERS + external_net,
broadcast_255 and multicast.
At 04:19 PM 12/13/96 -0500, Rick Romkey wrote:
>
>Are you performing Address Xlation for the single host?
>If so, define (for the external interface) spoof tracking
>of others+(the xlated legal host id).
>
>>
>> Hi all,
>> I'm trying to troubleshoot a strange DNS problem with FW 1.
>> When anti-spoofing is on ONE of my machines cannot get a
>> reverse lookup. When it's off, all ok.
>>
>> I have logging turned on for anti spoofing and for all other drop
>> rules in the rule base, but I don't see anything logged.
>> Is it possible that fw-1 (2.1 on solaris x86 2.5.1) is dropping
>> or rejecting packets w/out logging them ?
>>
>
>----------------------------------------------------------------------------
> Rick E Romkey | A T L A N T I C | Internet
>pokey @ atlantic . com | Computing Technology Corporation | Specialists
> (860) 667-9596 | http://www.atlantic.com/ |
>-----------------------------------------------------------------------------
>
>