Firewalls, PC static routes, gateways
Subject: Firewalls, PC static routes, gateways
From: Randy Witlicki (randy.witlicki valley.net)
Date: Sun Jan 02 2000 - 17:44:09 CST
Hello,
I'm wondering if anybody has come up with a reasonable
solution to static routes for Windows 95/98/NT laptop users
in networks with a firewall and *another* gateway.
If we have a setup where:
- The default route points to the firewall on the local
network, and;
- You need an additional route to point to a gateway for
some private network (either via VPN or a private (leased line
or frame relay) link).
(e.g.: the route to 0.0.0.0 is 10.0.0.1 and the route to
172.16.0.0/16 is 10.0.0.2)
Specific problems I have run into include:
- With a PIX firewall, even if you don't mind having packets
bounce off the PIX inside interface, it won't let you. If you
have a "route inside" statement, you get an error of the form:
    106011: Deny inbound (No xlate) tcp
    src inside:X.X.X.X/1047 dst inside:Y.Y.Y.Y/23
Which is the PIX's way of saying it refuses to receive a
packet on the inside interface and resend it to a gateway
on the inside. So you need a route on each host inside.
- If you have a "route add" in a startup .BAT file on a 95 or
98 PC or a "route add -p" on an NT PC, if it is a laptop and that
laptop travels to the remote network the "route add" is pointing
at, then you need a .BAT file to reverse the startup .BAT file.
I assume you might have similar problems with a *nix laptop.
Is there a way to get one of these systems to listen to
RIP or something similar?
I think I can do this with DHCP, but at least one of the
networks involved is very small and it would be nice to avoid
having to set up a DHCP server (and having one more server
piece to depend on).
Thanks in advance for any advice and help!
- Randy
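
Added example, not part of the original message: a Python sketch of the routing decision the post describes, using its example routes (default via 10.0.0.1, 172.16.0.0/16 via 10.0.0.2). It shows where private-network traffic goes with and without the host route, and picks the "route add" or "route delete" command by the laptop's current location. The function names, the /24 mask for the local LAN and the laptop addresses are assumptions; the post gives none of them.

```python
import ipaddress

# Routes from the post's example: default via the firewall,
# private network via a second gateway on the same LAN.
PRIVATE_NET = ipaddress.ip_network("172.16.0.0/16")
PRIVATE_GW = ipaddress.ip_address("10.0.0.2")
DEFAULT_GW = ipaddress.ip_address("10.0.0.1")
# Assumption: the post gives no mask for the local LAN; /24 is used here.
HOME_LAN = ipaddress.ip_network("10.0.0.0/24")

DEFAULT_ONLY = [(ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]
WITH_STATIC = DEFAULT_ONLY + [(PRIVATE_NET, PRIVATE_GW)]


def next_hop(dst, routes):
    """Longest-prefix match over (network, gateway) pairs; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def startup_route_command(local_addrs):
    """Return the Windows route command a startup script should run.

    local_addrs: addresses currently bound to the laptop's interfaces.
    """
    addrs = [ipaddress.ip_address(a) for a in local_addrs]
    on_home_lan = any(a in HOME_LAN for a in addrs)
    inside_private_net = any(a in PRIVATE_NET for a in addrs)
    if on_home_lan and not inside_private_net:
        # Gateway 10.0.0.2 is on-link here, so the static route is valid.
        return (f"route add {PRIVATE_NET.network_address} "
                f"mask {PRIVATE_NET.netmask} {PRIVATE_GW}")
    # Anywhere else, including on 172.16.0.0/16 itself, a stale route must go.
    return f"route delete {PRIVATE_NET.network_address}"


if __name__ == "__main__":
    # Without the host route, private traffic is handed to the firewall.
    print(next_hop("172.16.5.9", DEFAULT_ONLY))
    print(next_hop("172.16.5.9", WITH_STATIC))
    print(startup_route_command(["10.0.0.57"]))    # constructed: home LAN
    print(startup_route_command(["172.16.8.20"]))  # constructed: remote network
```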
This archive was generated by hypermail 2b27 : Mon Jan 03 2000 - 15:47:42 CST