[j-nsp] (no subject)
Niels Bakker
niels=juniper-nsp at bakker.net
Tue Apr 15 11:36:18 EDT 2008
* cscosunny at gmail.com (cscosunny) [Tue 15 Apr 2008, 15:29 CEST]:
>I have a routing question
>
>I have a firewall 5gt Ethernet1 is 192.168.30.1/16 and mail server is
>192.168.0.240/16
>
>5gt pings mail server and vice versa in my pc I have 192.168.30.10/16
>and I have connectivity to the mail server but when mask is /24 in my pc
>I cannot ping mail server.
>
>I understand that I change network with /24 but 5gt is /16 I cant
>understand the problem.
Assuming you have the 5GT configured as default gateway on your PC, when
you send it packets destined for the mail server it will forward the
packet and send you an ICMP Redirect. (Or not, but a router would)
The mail server will, upon sending out an ICMP reply, send an ARP
request for your IP address (because it is directly connected according
to its netmask).
However, your PC cannot answer that ARP request as it comes from a host
it does not consider local (again according to your PC's differently
configured netmask). So the mail server cannot answer as it does not
know the MAC address to send the reply to.
A packet sniffer would have instantly told you this.
-- Niels.
--
More information about the juniper-nsp
mailing list