Firewall as Default Gateway
04-06-2006 02:46 AM
I'm having a little problem getting my computers to see the outside world. I have configured my 5308 Procurve with 4 VLANs, each with an IP address. Devices on the VLANs can happily see each other via their default gateways. I have connected my Sonicwall Firewall to 1 of the VLANs and put static routes in it for the other 3. All devices can ping the Firewall, and the Firewall can ping all devices. I put a default route in the Procurve to point to the Firewall, but my clients cannot get internet access. The firewall is on the same VLAN as my servers, including the DNS server. If I change the default gateway of the DNS server to point to the Firewall, it gets out OK.
Here is my config:
Running configuration:

; J4819A Configuration Editor; Created on release #E.10.23

hostname "HP ProCurve Switch 5308xl"
ip access-list extended "AllowedServers"
   permit ip 0.0.0.0 255.255.255.255 10.11.0.102 0.0.0.0
   permit ip 0.0.0.0 255.255.255.255 10.11.0.106 0.0.0.0
   permit ip 0.0.0.0 255.255.255.255 10.11.0.132 0.0.0.0
   permit ip 0.0.0.0 255.255.255.255 10.11.0.1 0.0.0.0
   exit
module 1 type J4907A
module 2 type J4907A
module 6 type J4878B
module 3 type J4878B
module 4 type J4878B
module 5 type J4878B
ip default-gateway 10.11.0.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged B1-B16
   ip address 10.10.0.254 255.255.0.0
   no untagged A1-A16,C1-C4,D1-D4,E1-E4,F1-F4
   exit
vlan 2
   name "Servers"
   untagged A1-A16
   ip address 10.11.0.254 255.255.0.0
   ip access-group "AllowedServers" out
   exit
vlan 3
   name "Staff"
   untagged C1-C4,D1-D4,E1-E4
   ip address 10.12.0.254 255.255.0.0
   exit
vlan 4
   name "Students"
   untagged F1-F4
   ip address 10.13.0.254 255.255.0.0
   exit
gvrp
ip route 0.0.0.0 0.0.0.0 10.11.0.1
password manager
Thanks for any advice
Tony
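An added example, not part of the original post: a small evaluator for the "AllowedServers" ACL in the configuration above, run over constructed sample packets being routed out onto VLAN 2. It assumes first-match evaluation with an implicit deny at the end of the list, and that the `out` ACL on VLAN 2 filters routed packets leaving on that VLAN; the sample addresses and function names are made up for illustration.

```python
import ipaddress

# Entries copied from the posted "AllowedServers" ACL:
# (action, source, source wildcard, destination, destination wildcard)
ALLOWED_SERVERS = [
    ("permit", "0.0.0.0", "255.255.255.255", "10.11.0.102", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255", "10.11.0.106", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255", "10.11.0.132", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255", "10.11.0.1", "0.0.0.0"),
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match means the implicit deny (assumed)."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

# Constructed sample packets routed out onto VLAN 2 ("Servers").
# A packet forwarded to next hop 10.11.0.1 keeps its original destination IP,
# so the ACL compares the Internet address, not the firewall's address.
SAMPLES = [
    ("Staff client -> firewall address", "10.12.0.50", "10.11.0.1"),
    ("Staff client -> listed server", "10.12.0.50", "10.11.0.102"),
    ("Staff client -> Internet host via firewall", "10.12.0.50", "216.109.118.74"),
    ("Student client -> unlisted server", "10.13.0.20", "10.11.0.200"),
]

def run_samples():
    """Return {label: verdict} for every constructed sample packet."""
    return {label: evaluate(ALLOWED_SERVERS, src, dst) for label, src, dst in SAMPLES}

if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{verdict:6}  {label}")
```

Under these assumptions, pings to the firewall address are permitted while routed traffic to any Internet destination falls through to the deny, which is worth ruling out with the switch's ACL counters or by temporarily removing the `ip access-group` line.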
04-06-2006 01:18 PM
Solution
a) Issue a standard DNS query (nslookup/host/dig) on a client, asking for something which is not local. If you get no reply, probably the DNS server cannot access the external DNS servers. Using the "trace" mode of dig (dig +trace
b)
- find the IP of an external target (I tend to use www.yahoo.com): host www.yahoo.com
- traceroute -n to the IP from step 1 (-n stands for DNS queries).
For instance:
#host www.yahoo.com
www.yahoo.com is an alias for www.yahoo.akadns.net.
www.yahoo.akadns.net has address 216.109.118.74
[...]
#traceroute -n 216.109.118.74
traceroute to 216.109.118.74 (216.109.118.74), 30 hops max, 46 byte packets
1 192.168.1.1 0.660 ms 0.322 ms 0.267 ms <= my router
2 82.76.245.73 17.055 ms 16.549 ms 21.507 ms <= my ISP's router
3 194.102.81.185 30.404 ms 18.172 ms 16.509 ms
4 194.102.81.1 22.244 ms 16.705 ms 11.774 ms
[...]
Now examine the last hop in the traceroute. If packets pass thru the firewall and reach your ISP, the problem is definitely the one I have described above.
04-07-2006 02:36 AM
Re: Firewall as Default Gateway
Thanks again,
Tony.
04-07-2006 02:53 AM
Re: Firewall as Default Gateway
04-07-2006 03:10 AM
Re: Firewall as Default Gateway
04-07-2006 03:20 AM
Re: Firewall as Default Gateway
04-07-2006 04:29 AM
Re: Firewall as Default Gateway
CCNP CIT Exam Self-Study: Selecting a Troubleshooting Approach
http://www.ciscopress.com/articles/printerfriendly.asp?p=102211
Try to debug each part of your network separately, not all at the same time. That's it. Make sure that, with only one PC connected to the inside firewall interface, it has Internet access. Then connect all the other infrastructure and go deeper.
I also advise you to use a sniffer. You will find that it is a simple and powerful tool. I recommend you use Packetyzer (a free and user-friendly version of Ethereal).
04-09-2006 10:35 PM
Re: Firewall as Default Gateway
05-08-2006 04:14 AM
Re: Firewall as Default Gateway
I had this problem when setting up our Layer 3 Infrastructure with the 5308xl-48G.
Our Firewall had an IP Address in the Server VLAN with a 0.0.0.0 0.0.0.0 route to it on the Layer 3 Switch.
Our inbound/outbound internet connections, web sites we hosted, e-mail, terminal server, VPN, etc. would constantly time out every 10 - 15 minutes.
We had to create a separate VLAN for only the firewall.
This cured all the problems we were having.
When you moved your firewall to the default_Vlan this in essence was what you needed to do.
We never use the DEFAULT_VLAN (VID 1) and most admins prefer their setups this way.
Hope this helps.
Mike D.
Network/Systems Administrator
05-09-2006 11:18 PM
Re: Firewall as Default Gateway
Tony.