SUMMARY: Checkpoint Blocking Solaris

From: <Andrew_Rotramel_at_cch-lis.com>
Date: Fri Jul 30 2004 - 13:24:51 EDT

David Harrington sent me the simple solution of having this configuration
in my nsswitch.conf file:

hosts: dns files

instead of

hosts: files dns

It is one of those simple things I would never have thought of.

Andrew


Andrew_Rotramel@cch-lis.com@sunmanagers.org on 07/30/2004 11:54:27 AM

Sent by:    sunmanagers-bounces@sunmanagers.org


To:    sunmanagers@sunmanagers.org
cc:

Subject:    Update: Checkpoint Blocking Solaris


Thanks for the many, many responses. The main thing that is clear is that I
did not describe the problem well enough.

1. DNS seems to work, meaning nslookup works. I get compatible info whether
I do nslookup domain or nslookup IP. I can browse to the addresses I get
from the DNS server.

2. I had no trouble browsing by name before the security folks installed
the Checkpoint firewall.

3. The DNS servers are inside the Checkpoint firewall.

4. There are Windows boxes, mostly Win2000, on the same subnet, using the
same DNS server, and they have no problem at all.

5. I do not have a proxy server configured in my browser.

6. My /etc/resolv.conf and nsswitch.conf files are configured correctly.

7. I have done some nslookup searches on names that I don't think would be
in the DNS server cache, namely the domains that many of the initial
responses came from, and I get non-authoritative resolution on them all.
That tells me that the DNS server is probably getting beyond the Checkpoint
firewall.

8. traceroute and ping are both disabled at our routers.

One bit of summary I will do now is say that no one has ever heard of this
sort of problem with Checkpoint.


Andrew_Rotramel@cch-lis.com@sunmanagers.org on 07/29/2004 04:59:11 PM

Sent by:    sunmanagers-bounces@sunmanagers.org


To:    sunmanagers@sunmanagers.org
cc:

Subject:    Checkpoint Blocking Solaris


I have already checked the archive and Google.

My security folks installed a Checkpoint firewall on Nokia hardware this
weekend, and now my desktop Solaris 9 box can no longer get to URLs on the
other side of that firewall. It can, however, get to IP addresses on the
other side of the firewall. This means that I can't browse to www.sun.com,
or ftp to ftp.sun.com, but I can browse to 209.249.116.195 or ftp to
192.18.99.146. Unfortunately, most web sites don't work that way. My
security folks seem to have no idea how to fix this, but one of them
thought there was a Checkpoint glitch involving Solaris boxes. So, anyone
solve this one?

Andrew Rotramel
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
 http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Jul 30 13:25:42 2004
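
The fix in the summary depends on the order of sources on the hosts: line of nsswitch.conf. As an added example (not part of the original posts), the shell functions below read an nsswitch.conf and report that order. The function names and the ":stop" marker are assumptions of this example, and it goes beyond the thread by also recognising [NOTFOUND=return] criteria, which end a lookup before later sources are tried.

```shell
#!/bin/sh
# Added example (not from the thread): show the lookup order that the hosts:
# line of an nsswitch.conf gives to gethostbyname()-style callers.

# Print the hosts: sources one per line, in lookup order. A source followed by
# a [NOTFOUND=return] criterion gets the suffix ":stop", since a "not found"
# answer from it ends the lookup before any later source is tried.
# Assumes whitespace after "hosts:", as in the thread's examples.
hosts_sources() {
    sed 's/#.*//' "$1" | awk '
        $1 == "hosts:" {
            n = 0; in_crit = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) in_crit = 1
                if (in_crit) {              # criteria may span several fields
                    if (toupper($i) ~ /NOTFOUND=RETURN/ && n > 0) stop[n] = 1
                    if ($i ~ /\]$/) in_crit = 0
                    continue
                }
                src[++n] = $i
            }
            for (i = 1; i <= n; i++) print src[i] (stop[i] ? ":stop" : "")
            exit
        }'
}

# Classify the order: dns-first, files-first, dns-shadowed (an earlier source
# stops the lookup on "not found"), or no-dns.
hosts_verdict() {
    seen_files=0; stopped=0
    for s in $(hosts_sources "$1"); do
        case "$s" in
            dns|dns:stop)
                if [ "$stopped" -eq 1 ]; then echo dns-shadowed
                elif [ "$seen_files" -eq 1 ]; then echo files-first
                else echo dns-first; fi
                return 0 ;;
            files|files:stop) seen_files=1 ;;
        esac
        case "$s" in *:stop) stopped=1 ;; esac
    done
    echo no-dns
}

# Usage: sh thisfile /etc/nsswitch.conf
if [ -n "${1:-}" ]; then hosts_sources "$1"; hosts_verdict "$1"; fi
```

nslookup queries the DNS server directly and does not read nsswitch.conf, so a working nslookup says nothing about this order; `getent hosts <name>` follows the file and is the comparison to make.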

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:36 EST