
[FW-1] securemote+ip pool nat+ X11



Hi all

I've got a somewhat complicated scenario where my users come into my
encryption domain with SecuRemote, and then are NATted into a pool
so that not just any IP address on the Internet can access my machines, but only
those in the SecuRemote pool (IP NAT POOL option on the gateway machine).

So far so good

But the problem arises when the users need to have Exceed running to some
Unix servers. The outgoing channel from the "client" side is OK, encrypted,
and the NATting from the real IP to the pool IP works; unidirectional
services are OK (telnet, ftp...), but the return channel from the Unix
machine to the Exceed machine, although it is encrypted, is directed to the
real IP address of the Exceed machine, not the NATted one.

That is when X11 breaks.

Is this scenario feasible, I mean NAT and SecuRemote with X11? I've
followed the PhoneBoy document and created a rule for the return channel where
I've defined a service of type other (tco,dport=6000,<dst,0> in
userc_rules), source my Unix machines, destination any, action accept, but
till now no success.

Any hint?

best regards and thanks in advance

Jesus Calvo
SchlumbergerSema Spain
Albarracin 25
28037-Madrid

   All contents © 2004 Network Presence, LLC. All rights reserved.