Re: [FW1] Exceed/X11 in the Rulebase

[Peter Goodridge <petegdr@FW1-NOSPAMyahoo.com>]

Hi Joerg,

If you have sshd on the unix box, and a ssh client
with x11 tunneling on the PC you can just run
x-windows though the ssh session, and you'll only need
to add one rule to the rule base.  On the other hand
you won't know what else is going though the ssh
tunnel since FW1 won't be able to see inside the
encrypted.

There is also a page on http://www.phoneboy.com/ on
how to run X11 though securemote.

HTH,
Pete
--- Joerg.Fritsch@tesion.de wrote:
> 
> According to my knowledge tge PC which is using
> Exceed to open a display on
> a U**x system is the XServer ... and the U**x System
> is the XClient in that
> case. That means the rule should look like this:
> 
> U**x	PC	X11	Accept
> 
> Is that right ??
> 
> XProtocols have a portrange > 6000. That means the
> underlying usage
> (Exceed-config calls that "Command" like telnet, ssh
> can not be
> tracked/known by the state tables of Firewall1, so I
> need an extra ruke like
> this:
> 
> PC	U**x	telnet	Accept
> 
> Is that right. Does the Exceed connection with the
> telnet command really
> need these two rules or does it simply need:
> 
> PC	U**x	X11	Accept 
> 
> Thanks for comments and advice,
> --Joerg
> 
> 
> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================