|
Posted by Sunny on May 11, 2005, 7:40 pm
If you were Registered and logged in, you could reply and use other advanced thread options
nospam@killspam.org wrote:
> Inherited a Netscreen 25 , and from what appears to be the factory default
> configuration,
>
> I have configured eth3 as my untrust network , and can ping sites from the
> router on the internet from
> eth3:
>
> ...ns25-> ping 209.68.22.220 from eth3
> ...Sending 5, 100-byte ICMP Echos to 209.68.22.220, timeout is 1 seconds
> ...!!!!!
> ...Success Rate is 100 percent (5/5), round-trip time min/avg/max=44/44/44
> ms
>
> However, despite adding the policy below to an otherwise empty policy list,
> :
>
> set policy top from "Trust" to "Untrust" "Any" "Any" "ANY" nat src dip-id 2
> Permit log
>
> I am unable to ping from the VLAN interface to the outside world.
>
>
> Interface list below:
>
> Name IP/Netmask Zone Type Link Configure
> ethernet1 0.0.0.0/0 V1-Trust Layer2 up Edit
> ethernet2 0.0.0.0/0 V1-DMZ Layer2 down Edit
> ethernet3 192.168.2.8/24 Untrust Layer3 up Edit
> ethernet4 0.0.0.0/0 Null Unused down Edit
> vlan1 192.168.1.1/24 VLAN Layer3 up Edit
>
>
> I desire to set this up as a standard router / firewall, with eth1 being my
> "trusted" network, and eth3 being the Internet,
> but have been unable to get the router to ping between interfaces, much less
> route traffic between the networks...
As MQ said, your current config is a mess that won't do anything useful.
I recommend RTFM - there are worked examples close to what you are
trying to achieve - and retain a professional consultant if still unsure.
Sunny
| 
XML site map