
Re: [FW-1] How to make a rule to allow telnet to the firewall?


  • To: [email protected]
  • Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?
  • From: Lars Troen <[email protected]>
  • Date: Fri, 16 Aug 2002 12:45:56 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJFB5UBLE/xY9eWT6G3nR7Z15GVfQABuSEA
  • Thread-topic: Re: [FW-1] How to make a rule to allow telnet to the firewall?

Wen,
Have you made a static route on the firewall to your other internal network? I can see you have a route on the client for the firewall-lan probably pointing at the router. You also need a similar route pointing in the other direction on the firewall.

On the client you can normally make a default gw pointing to the router instead of having a route for each network, unless you have several routers located on the same subnet.

Having a rule with Any with telnet access to the firewall is not recommended, but will work. Once you connect the firewall to the internet I suggest you restrict this rule, not allowing external hosts to connect to your firewall this way.

Lars

> -----Original Message-----
> From: <Guangcheng Wen> [mailto:[email protected]]
> Sent: Friday, August 16, 2002 08:13
> To: [email protected]
> Subject: Re: [FW-1] How to make a rule to allow telnet to the
> firewall?
>
>
> Thank you so much for your advice.
>
> Lars.Troen> I guess you should put the Checkpoint cd in your
> pc and go to the "/Docs/Check Point Suite/" directory. I
> guess the document "Getting Started.pdf" would be a good
> starting point, but there are also other useful documents in there ;-)
> Aaron.Reynolds> You should run the GUI to modify rules.
>
> Yes, I am reading it and have succeeded in telnetting to the FW-1
> from an internal LAN which has the same network address as FW-1.
> But I could not telnet to the FW-1 from an internal LAN which has
> a different network address from FW-1 yet. The two internal LANs are
> connected to each other by a router.
> The rule was made as follows,
> No   SOURCE  DESTINATION  SERVICE  ACTION  TRACK  INSTALL ON  TIME
> 1     *Any      FW-1      telnet   accept   Log      FW-1     *Any
>
> FW-1 is in the network 192.168.20.0 and my client box
> is in the network 10.8.46.0.
> From my client box,
> $route -n
> 192.168.20.0    10.8.46.212     255.255.255.0   UG    0 0        0 eth0
> 10.8.46.0       0.0.0.0         255.255.255.0   U     0 0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0 0        0 lo
> 0.0.0.0         10.8.46.254     0.0.0.0         UG    0 0        0 eth0
>
> How to set a rule to allow my client from the network 10.8.46.0
> to telnet the FW-1 in the network 192.168.20.0?
> Thank you so much for your consideration!
>
> Best regards,
>
> --Wen
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
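
The return-route problem described in the reply above, as an added example that is not part of the original thread: it parses `route -n` rows and does a longest-prefix lookup in each direction. The client table is the one posted; the firewall table, the static route, the router address 192.168.20.1 and the host addresses 10.8.46.10 and 192.168.20.2 are constructed assumptions.

```python
import ipaddress

# Client table as posted in the thread (wrapped lines rejoined).
CLIENT = """\
192.168.20.0    10.8.46.212     255.255.255.0   UG    0 0 0 eth0
10.8.46.0       0.0.0.0         255.255.255.0   U     0 0 0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0 0 0 lo
0.0.0.0         10.8.46.254     0.0.0.0         UG    0 0 0 eth0
"""
# Constructed firewall table: knows only its own LAN, no default gateway yet.
FIREWALL = """\
192.168.20.0    0.0.0.0         255.255.255.0   U     0 0 0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0 0 0 lo
"""
# Constructed static route back to the client LAN; 192.168.20.1 is a
# hypothetical address for the router's interface on the firewall LAN.
RETURN_ROUTE = "10.8.46.0 192.168.20.1 255.255.255.0 UG 0 0 0 eth0\n"

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # column header or other non-route line
        routes.append((net, gw, f[7]))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match for dest; describes the chosen route."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return "no route"
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return f"direct on {iface}" if gw.is_unspecified else f"via {gw} on {iface}"

def reachable_both_ways(client_tbl, fw_tbl, client_ip, fw_ip):
    """True only if each side has a route towards the other."""
    return (next_hop(parse_routes(client_tbl), fw_ip) != "no route"
            and next_hop(parse_routes(fw_tbl), client_ip) != "no route")

if __name__ == "__main__":
    c, f = "10.8.46.10", "192.168.20.2"  # hypothetical host addresses
    print("without return route:", reachable_both_ways(CLIENT, FIREWALL, c, f))
    print("with return route:", reachable_both_ways(CLIENT, FIREWALL + RETURN_ROUTE, c, f))
```

With the constructed firewall table the client's packets reach the firewall but the replies have nowhere to go, so the accept rule never gets a chance to matter.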




 
   All contents © 2004 Network Presence, LLC. All rights reserved.