Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Exceed/X11 in the Rulebase

To: "'[email protected]'" <[email protected]>, [email protected]
Subject: RE: [FW1] Exceed/X11 in the Rulebase
From: "Joe Voisin (FW1)" <[email protected]>
Date: Wed, 28 Feb 2001 11:40:23 -0500
Sender: [email protected]

Would it not be easier for you to use the port forwarding in SSH?  At least
then you can control the hundreds of ports that X wants to use.  I haven't
had time to try this myself, but I have been thinking about it lately.  Most
SSHD's support X port forwarding so you can connect to an X server over port
22.... 

Anyone have more information on this.

Joe

=====================================================================
Joseph Voisin, Systems and Network Administrator, Engel Canada Inc. 
www.engelmachinery.com | [email protected] |=====================================================================

 -----Original Message-----
From: 	[email protected] [mailto:[email protected]] 
Sent:	Wednesday, February 28, 2001 10:27 AM
To:	[email protected]
Subject:	[FW1] Exceed/X11 in the Rulebase


According to my knowledge tge PC which is using Exceed to open a display on
a U**x system is the XServer ... and the U**x System is the XClient in that
case. That means the rule should look like this:

U**x	PC	X11	Accept

Is that right ??

XProtocols have a portrange > 6000. That means the underlying usage
(Exceed-config calls that "Command" like telnet, ssh can not be
tracked/known by the state tables of Firewall1, so I need an extra ruke like
this:

PC	U**x	telnet	Accept

Is that right. Does the Exceed connection with the telnet command really
need these two rules or does it simply need:

PC	U**x	X11	Accept 

Thanks for comments and advice,
--Joerg





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: AW: [FW1] Exceed/X11 in the Rulebase
Next by Date: [FW1] userc.C parameters
Previous by thread: RE: [FW1] Exceed/X11 in the Rulebase
Next by thread: RE: [FW1] Exceed/X11 in the Rulebase
Index(es):
- Date
- Thread