RE: [FW1] Xwindows through VPN

[Patrick Desnoyers <pdesnoye@FW1-NOSPAMmatrox.com>]

Title: Xwindows through VPN

With x, the client-server concept is reversed.The securemote client becomes the X server. So, the server behind your firewall is INITIATING connection to securemote client. To allow this, create a rule as follow : source "your X clients (servers)"  destination "any" service: create a new service (services, create new, other) and in match, add this line "tcp,dport>=6000,dport<=6063,<dst,0> in userc_rules" and action accept . Put that rule after your client encrypt rules.

 

This will allow the firewall to encrypt the packets back to securemote connections. (the in userc_rules verifies that the destination has a securemote connection open with the firewall)

 

 

Patrick Desnoyers

 

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Aylstock, Jeffrey
Sent: Tuesday, March 27, 2001 7:17 PM
To: 'Firewall Distribution List'
Subject: [FW1] Xwindows through VPN

Were having a slight problem opening x windows through our VPN solution.  We've set up a Nokia IP650 Firewall and are using Securemote to authenticate into the firewall.  Once in all telnet ablilities are there but when trying to bring up a window it will just timeout trying to send the information to the client.  My personal guess is that the Port defined for xwindows is locked out but i cant seem to trace the problem.  Anyone have this problem and a possible solution?

Thanks,

Jeff Aylstock
Western Integrated Networks.