
Re: [FW1] Exceed/X11 in the Rulebase



Hi Joerg

Exceed is quite weird because it makes a remote exec from the Windows machine to the
Unix server BEFORE the Xwindows session is opened; then the Unix machine responds to
the Windows machine, opening an Xwindows session. So you must also permit rexec (port 512
tcp) from the Windows machine to the Unix server, as well as X11 or any other
service you need to launch within Exceed.

That's the only way I have been able to make it work through a firewall.

Best regards



[email protected] wrote:

> According to my knowledge the PC which is using Exceed to open a display on
> a U**x system is the XServer ... and the U**x System is the XClient in that
> case. That means the rule should look like this:
>
> U**x    PC      X11     Accept
>
> Is that right ??
>
> XProtocols have a portrange > 6000. That means the underlying usage
> (Exceed-config calls that "Command" like telnet, ssh) can not be
> tracked/known by the state tables of Firewall1, so I need an extra rule like
> this:
>
> PC      U**x    telnet  Accept
>
> Is that right? Does the Exceed connection with the telnet command really
> need these two rules or does it simply need:
>
> PC      U**x    X11     Accept
>
> Thanks for comments and advice,
> --Joerg
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================







 
----------------------------------
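
The rule sets discussed in this thread, checked against the two connections the reply describes (rexec from the PC to the Unix server, then X11 from the Unix server back to the PC). This is an added example, not part of the original messages and not FireWall-1 syntax: the first-match evaluator with an implicit drop, the host names `PC` and `Unix`, display `:0`, and the X11 range upper bound are assumptions made for illustration.

```python
from dataclasses import dataclass

IMPLICIT_DROP = "Drop"  # assumption: traffic matching no rule is dropped

# Services named in the thread. X11 for display :N listens on TCP 6000+N.
SERVICES = {
    "rexec": range(512, 513),
    "telnet": range(23, 24),
    "X11": range(6000, 6064),  # constructed bound: displays :0 to :63
}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str
    action: str = "Accept"

@dataclass(frozen=True)
class Flow:
    src: str  # host that opens the TCP connection
    dst: str
    port: int

def decide(rulebase, flow):
    """First matching rule wins; no match falls through to the implicit drop."""
    for rule in rulebase:
        if (rule.src, rule.dst) == (flow.src, flow.dst) and flow.port in SERVICES[rule.service]:
            return rule.action
    return IMPLICIT_DROP

def session_works(rulebase, flows):
    return all(decide(rulebase, f) == "Accept" for f in flows)

# Exceed start-up as the reply describes it: rexec out, X11 back to display :0.
EXCEED_SESSION = [Flow("PC", "Unix", 512), Flow("Unix", "PC", 6000)]

CANDIDATES = {
    "X11 PC->Unix only": [Rule("PC", "Unix", "X11")],
    "X11 Unix->PC + telnet": [Rule("Unix", "PC", "X11"), Rule("PC", "Unix", "telnet")],
    "X11 Unix->PC + rexec": [Rule("Unix", "PC", "X11"), Rule("PC", "Unix", "rexec")],
}

def report():
    return {name: session_works(rb, EXCEED_SESSION) for name, rb in CANDIDATES.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:24} {'session opens' if ok else 'blocked'}")
```

Only the rule set that pairs X11 from the Unix server to the PC with rexec from the PC to the Unix server passes both connections; if Exceed is configured to start the session with a different command, the outbound rule has to name that service instead.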

   All contents © 2004 Network Presence, LLC. All rights reserved.