[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] securemote+ip pool nat+ X11
Yeah, ssh is much easier, but we have users who are strictly click and drool, that would have no idea how to maneuver in a command line mode :) Scott -----Original Message----- From: Paul Cardon [mailto:[email protected]] Sent: Friday, December 21, 2001 2:48 PM To: [email protected] Subject: Re: [FW-1] securemote+ip pool nat+ X11 Or use ssh with X11 forwarding and avoid all that configuration nastiness. -paul Davis, Scott wrote: > It took me a long time, but I finally got it to run. Here are the steps I > used to make it work. I got them from a collections of news groups, > checkpoint and phoneboy. > > 1. Make sure the Exceed X-Server is running on the client. > 2. Create a service of type Other, in the match field enter > "tcp,dport>=6000,dport<=6063,<dst,0> in userc_rules" > 3. Create a rule Source = X-Servers Destination = NAT Pool IP's Service = > Name of the Service Created in Step 2 And X11. > 4. Create a script file on the X-Server with the following lines : > #!/bin/ksh > /bin/ksh /usr/dt/bin/Xsession -display `who am i | sed -e "s/^.*(//" > -e "s/).*/:0/"` > > 5. Add the line " DISPLAY=`who am i | sed -e "s/^.*(//" -e "s/).*/:0/"` " to > your .profile (Solaris Only) or whatever file you use for environmental > variables. > 6. Create a new XStart on the client with the following configurations : > Start Method - Telnet > Program Type - X Window > Login - user id > Password - Password > Host - Name or IP of the X Server > Host Type - Type of Unix > Command - /home/user/script file created in step 4 > > Here is how it all works. Step 1, you have to have the X-Server listening on > the Client for the connections back from the X-Server. Step 2 create service > for Step 3 (Duh !) Step 3 This allows the connections back from the X-Server > to the client. Step 4 this was the problem for me, the X-Server kept trying > to display back to itself the X Session. This line pulls the NAT pool IP > address from the client connection and uses it for the display. Step 5 also > puts this into the environmental variable, In my case something in the > X-Server was also using this variable, you may not need it. Step 6 is > setting up the client to use the script you created in step 4. Hopefully if > all will work after this. On a side note, we had clients using the Linksys > router/firewall, they had to take an additional step of mapping ports > 6000-6063 to the IP address of the client machine to make it work. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|