Jason Costomiris on Thu, 27 Jan 2000 16:48:38 -0500 (EST)



Re: [PLUG] CheckPoint Firewall


On Thu, Jan 27, 2000 at 03:41:06PM -0500, Charles Stack wrote:
: We are installing this on a Win98 machine that is connected to the internet
: via a Linux box (RH 6.1/IP Masquerade) and SDSL.
: 
: I don't understand exactly what your checklist means to me.  Is there
: something I need to do on the Linux box to make this work OR is all the work
: on the Firewall side?

Yes, on both sides.  This is your setup:


Win98                                              Remote
Client----Linux/ipmasq--SDSL---Internet----FW-1----Server
Machine

Those packets are passing through both ipmasq and FW-1.  So, yes, both.

You won't be able to use SecureClient from behind ipmasq.  Why?  ipmasq
doesn't work on generalized ip protocols.  You'll want to rethink using
ipmasq.  The same goes for SecuRemote.

Set up ipmasq rules that do something like:

Src         Dst         Svc                 Action
--------------------------------------------------
External    Internal    (specified group)   Permit
External    Internal    Any                 Drop
Internal    External    Any                 Permit

And for your other question, no, no entries in /etc/services.  That file
is nothing more than a reference, not a place to define what kind of traffic
a box can grok.

: 256/tcp must be permitted from the remote client to the
: *management console*.  Most people believe (incorrectly) that you
: communicate with the firewall module to get keys and site info.  You are
: actually talking to the MC.
: 
: 259/udp *both ways* between the firewall module and the remote client.
: This is used to authenticate and negotiate FWZ session keys.
: 
: 500/udp *both ways* between the firewall module and the remote client.
: This is used when negotiating ISAKMP keys.
: 
: ip_p 94 *both ways* between the firewall module and the remote client.
: This is for FWZ packet encapsulation (if you're using that)
: 
: ip_p 50 *both ways* between the firewall module and the remote client.
: This is used by ISAKMP.

-- 
                 Jason Costomiris <><
            Technologist, cryptogeek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/
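Why masquerade can carry the TCP/UDP flows in the checklist but not the two port-less ones, as an added Python illustration that is not part of the thread; the addresses, ports and SPI value in it are constructed, and the packet builder is a minimal stand-in, not real ipmasq code:

```python
import struct

# IP protocol numbers for the flows in the checklist quoted above.
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_FWZ = 6, 17, 50, 94

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, zero checksum) around payload; constructed test data."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      addr(src), addr(dst))
    return hdr + payload

def masq_translatable(packet):
    """Say whether ipmasq-style many-to-one NAT can carry this packet.
    Masquerade rewrites the source address plus a TCP/UDP port so replies can be mapped
    back to one inside host; a protocol with no port field gives it nothing to key on."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    l4 = packet[ihl:]
    if proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack("!HH", l4[:4])
        return True, f"proto {proto} ports {sport}->{dport}: masquerade can rewrite the source port"
    if proto == PROTO_ESP:
        (spi,) = struct.unpack("!I", l4[:4])
        return False, f"ESP SPI 0x{spi:08x}: no port field, and the SPI is fixed by key negotiation"
    return False, f"IP protocol {proto}: no transport-layer ports to rewrite"

# (flow name, IP protocol, destination port or None) for each checklist entry.
CHECKLIST = [("mgmt console 256/tcp", PROTO_TCP, 256),
             ("FWZ keys 259/udp", PROTO_UDP, 259),
             ("ISAKMP 500/udp", PROTO_UDP, 500),
             ("FWZ encapsulation ip_p 94", PROTO_FWZ, None),
             ("ESP ip_p 50", PROTO_ESP, None)]

def checklist_report(client="192.168.1.2", firewall="10.0.0.1"):
    """Build one sample client->firewall packet per flow; returns {name: (translatable, detail)}."""
    report = {}
    for name, proto, port in CHECKLIST:
        if port is not None:
            payload = struct.pack("!HHHH", 1025, port, 8, 0)   # sport, dport, then filler bytes
        elif proto == PROTO_ESP:
            payload = struct.pack("!II", 0xC0FFEE01, 1)         # SPI, sequence number
        else:
            payload = b"\x00" * 8                               # opaque encapsulated data
        report[name] = masq_translatable(build_ipv4(proto, client, firewall, payload))
    return report

if __name__ == "__main__":
    for flow, (ok, why) in checklist_report().items():
        print(f"{'OK  ' if ok else 'FAIL'} {flow}: {why}")
```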

______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug