Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] RSH and FW-1 4.1 SP6

To: [email protected]
Subject: [FW-1] RSH and FW-1 4.1 SP6
From: Mark Pace Balzan <[email protected]>
Date: Tue, 25 Feb 2003 18:30:17 +0100
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi All,

im having problems with rsh through the firewall (yes im aware rsh is not
the best security practise)

Setup: FW-1 4.1 with SP6 on SPARC Solaris 7 32bit

I have an rsh client and rsh server running on linux. when these are
connected on the same subnet, rsh between the two works perfectly well.

when i place the firewall between the two, everything works as expected,
except for rsh connections, that are either very slow (up to and over a
minute to respond), or doesnt work at all. telnet/ssh etc.. to both linux
boxen works ok

i initially put a rule on my fw:
src: client   dst: server   service: rsh(tcp 514)   action: accept   track:
long

In the logs i see the request going from client to server as accepted
I then see dropped traffic from the server back to the client.

Should I being seeing this at all in the logs ?
Am I wrong in thinking that the firewall should track the state of the rsh
connection, and recrdo it in the state table, like it does for other traffic
?  (Yes I enabled RPC Control in Policy -> Properties ...)

Since this is a test firewall, i then put a 'any any accept' rule to avoid
any problems with restrictive rules.

Now in the logs i see the traffic initiated to/from the client & server as
before, but all log entries are accept (due to my any any accept rule), and
I eventually get a reply to my rsh request (like 2 minutes later)!!!


Any idea what could be causing this slowness issue ?


Thanks in advance for any help


Mark

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] RSH and FW-1 4.1 SP6
  - From: Crist Clark <[email protected]>

Prev by Date: [FW-1] Redhat 7.3 & CPfw1-41.6-SP6.i386.rpm conflicts
Next by Date: [FW-1] Transparent User Auth?
Previous by thread: [FW-1] Redhat 7.3 & CPfw1-41.6-SP6.i386.rpm conflicts
Next by thread: Re: [FW-1] RSH and FW-1 4.1 SP6
Index(es):
- Date
- Thread