-
January 7th, 2005, 11:53 PM
#21
Road:
Your input would be truly appreciated.....
It's really got me.... It has also resulted in some little "niggles".
I changed the DHCP option for the gateway for the network to 192.168.3.4, (Firewall 1), and got a couple of calls from users about being unable to reach certain web sites. An NSLookup showed they were in the 63.0.0.0/8 network.... Easy fix... trot down and do an ipconfig /release/renew because the lease hasn't expired.... No problem... I tried it and it failed.... SOB... now what?... I go to the network settings and find that even though the setting for "get IP automatically" is set I can still see the 192.168.3.1 greyed out in the default gateway box???? WTF is that all about????? All it takes to fix it is to check the "use this info" radio button and then recheck the "get it automagically" button.... the old DG disappears and the system works just fine because it auto-picks-up the new DG....
I dunno.... this whole thing is "not right".... But I have this horrible feeling it's me... not the system....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 8th, 2005, 12:00 AM
#22
Tiger Shark, unrelated, but why do you call chsh, "csch"?
;TT
-
January 8th, 2005, 12:08 AM
#23
Tiger Shark, unrelated, but why do you call chsh, "csch"?
ROFLMAO.....
'cos, not only am I blind nowadays.... It appears that I am frigging dyslexic too.....
Old age sucks....
Really.... no offense was intended and I always thought it was csch...... Oh well.... I'll crawl back into my hole and be quiet for.... er.... um... 30 seconds..... "I'll be baack"...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 8th, 2005, 12:09 AM
#24
OK... I'm baack....
Sorry Chris..... never noticed it till it was mentioned.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 8th, 2005, 12:36 AM
#25
Your DNS servers are internal for internet? Or located upstream at ISP?
Like I was saying, I am there petting my cat, right and I think... a firewall isn't a router. It's a filter and will only conduct business that it sees fit to the outside world. You enter a static route but it's not really a route, like in a router. It's a conduit or tunnel. So the problem could lie there. When you had the problem do you remember if you could trace your internal firewall interface?
Cheers I am off now.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
January 8th, 2005, 12:35 PM
#26
Road:
I run split or double DNS. My AD servers act as the DNS servers for the domain and request external resolution from my primary or secondary public nameservers in the DMZ. Only the AD servers may request resolution from the nameservers in the DMZ, (firewall rule), and only the nameservers can request resolution from the net, (another firewall rule).
The Firewall I use does act as a router, (Watchguard). I can put routes in it in any way I please to direct traffic internally or out the optional port which I use as the DMZ. Obviously its routing ability is limited by the fact that it has only 3 ports but I can direct traffic any way I like to any number of internal routers at the firewall rather than having to send the traffic to an internal router to make the routing decisions.
I could always correctly tracert anything, (including the internal interface of the firewall), as long as it was not in the 63.0.0.0/8 network unless it was in the 63.x.y.0/24 subnet - in which case it worked fine... Everything else returned "Destination host unreachable" from the router in question.....
I dunno.... My head just started hurting again....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 9th, 2005, 08:45 AM
#27
Originally posted here by Tiger Shark
OK... I'm baack....
Sorry Chris..... never noticed it till it was mentioned.....
Don't worry, I've been called far worse.
Originally posted here by Tiger Shark
I could always correctly tracert anything, (including the internal interface of the firewall), as long as it was not in the 63.0.0.0/8 network unless it was in the 63.x.y.0/24 subnet - in which case it worked fine... Everything else returned "Destination host unreachable" from the router in question.....
I dunno.... My head just started hurting again....
I still think it's related to position in the routing table. It's the only thing that makes sense to me.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
January 9th, 2005, 12:07 PM
#28
I still think it's related to position in the routing table.
Aye, but there's the rub..... The router auto-orders the display for me... so I see it as:-
0.0.0.0 0.0.0.0 192.168.3.4
63.x.y.0 255.255.255.0 192.168.2.12
192.168.100.0 255.255.255.0 192.168.3.3
blah
blah
blah
Now, while I am sure that the display is being ordered that way, (numerically), for reasons of beautification I have no idea how to see the _actual_ order they may be in. Any clues?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 10th, 2005, 04:19 AM
#29
Well maybe the actual order is in the way they are entered? That might explain why when you redid the config it worked? I dunno, I'm just thinking aloud.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
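The order question raised in posts #27 to #29 can be tested offline. This is an added example, not part of the thread and not the firewall's own logic: it runs the table from post #28 through a standard longest-prefix-match lookup and through a hypothetical first-match lookup, over every possible entry order. `63.10.20.0` is a constructed stand-in for the elided `63.x.y.0` subnet, and the thread does not say which lookup the device actually uses.

```python
import ipaddress
from itertools import permutations

# Table as displayed in post #28. 63.10.20.0 is a constructed stand-in for
# the elided 63.x.y.0 subnet, not the poster's real network.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.3.4"),
    ("63.10.20.0", "255.255.255.0", "192.168.2.12"),
    ("192.168.100.0", "255.255.255.0", "192.168.3.3"),
]

def to_network(net, mask):
    # Count the mask bits ourselves so 0.0.0.0/0.0.0.0 is unambiguous.
    prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{net}/{prefixlen}")

def longest_prefix_match(routes, dest):
    """Most specific matching route wins; entry order is irrelevant."""
    addr = ipaddress.ip_address(dest)
    hits = [(to_network(n, m), gw) for n, m, gw in routes
            if addr in to_network(n, m)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def first_match(routes, dest):
    """Hypothetical order-sensitive lookup: first matching entry wins."""
    addr = ipaddress.ip_address(dest)
    for n, m, gw in routes:
        if addr in to_network(n, m):
            return gw
    return None

def next_hops_over_orderings(lookup, routes, dest):
    """Every next hop `lookup` can return for dest across all entry orders."""
    return {lookup(list(p), dest) for p in permutations(routes)}

if __name__ == "__main__":
    for dest in ("63.10.20.5", "63.1.1.1", "192.168.100.9"):
        lpm = next_hops_over_orderings(longest_prefix_match, ROUTES, dest)
        fm = next_hops_over_orderings(first_match, ROUTES, dest)
        print(dest, "LPM:", sorted(lpm), "first-match:", sorted(fm))
```

Under longest-prefix match each destination has exactly one possible next hop regardless of order; under first-match, a destination inside the /24 can end up at either the /24 gateway or the default gateway depending on where the default route sits.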
-
January 10th, 2005, 11:03 PM
#30
Ouch, every time you type my head goes dizzy with more info. I thought you had a pix for some reason and I fixed a similar issue using conduits versus static routes. I too have similar DNS setup. It is nothing but a headache. Hmmm. me runs off to check DNS rulez on the pix!
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.