Routing issue on Solaris

ryan.worthington_at_westam.com
Date: 06/04/04

    To: sunmanagers@sunmanagers.org
    Date: Thu, 3 Jun 2004 20:35:17 -0500
    
    

    Hello Gents,

    After my last disastrous question, I've decided to spend a number of hours
    making sure this question isn't solved with basic math.
    I've inherited a much damaged network that is using public address space as
    private space, in violation of RFC 1918.
    There is nothing I can do but work around it, unfortunately.

    The problem I'm having is that after adding some new subnets, I am
    completely unable to route to them.
    There is a Sol 7 box running checkpoint acting as the company firewall and
    NAT appliance. I've added static routes via the route command (not what I
    would like to do, but I have to comply with company guidelines on this one)
    and have added the proper allow rules to the firewall software.
    When I try to run traceroute to these new subnets, the first hop hits the
    inside interface on the firewall, and the second hop hits the new subnet.
    This would be great, except the time taken is right around 0.499 ms, and
    there are something like 8 routers and firewalls between here and the new
    networks (in Japan), so I know the ICMP isn't actually making it there.
    It's almost like there
    is a host entry for those subnets pointing to localhost, but I've checked
    /etc/hosts and /etc/network and no such entry exists.

    Any ideas?
    The box is running Solaris 7, Checkpoint 4.1, and has 9 interfaces. I've
    posted a similar question to the Checkpoint firewall list, so I'm hoping
    between the two groups, I can come up with some things to try.

    -- Ryan Worthington
    Systems and Network Analyst IT Infrastructure Team
    WestAM - Houston, TX
    713-963-5315
    "Quid me nutrit me destruit."

     
     