[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] securemote+ip pool nat+ X11
Hi all I´ve got a somewhat complicated scenario where my users come into my encription domain with securemote, and then are natted into a pool so that no any ip address in the internet can access my machines, but only those on the securemote pool (IP NAT POOL option on the gateway machine). So far so good But the problem arises when the users need to have exceed running to some unix servers. The outgoing channel from the "client" side is ok, encrypted and the natting from the real ip to the pool ip works, unidirectional services are ok (telnet, ftp...) but the return channel from the unix machine to the exceed machine although is encrypted is directed to the real ip address of the exceed machine not the natted one. There is when X11 breaks. Is this scenario feasible, I mean nat and securemote with X11? I´ve followed phoneboy document and created a rule for the return channel where I´ve defined a service of type other (tco,dport=6000,<dst,0> in userc_rules) , source my unix machines, destination any action accept, but till now no success. Any hint? best regards and thanks in advance Jesus Calvo SchlumbergerSema Spain Albarracin 25 28037-Madrid ------------------------------------------------------------------ This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SchlumbergerSema. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ------------------------------------------------------------------ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|