[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] pcAnywhere from a 'hide' NAT'ed network
I may have misunderstood your question, but pcanywhere can be configured to
listen on different ports. There is a document on symantec's web site that
explains this. You change the registry
Close pcanywhere
Paste the follwoing into a file,e.g., pcanystdports.ini
HKEY_LOCAL_MACHINE
Software
Symantec
pcANYWHERE
CurrentVersion
System
TCPIPDataPort=REG_DWORD 5631
TCPIPStatusPort=REG_DWORD 5632
An use regini.exe from the NT Resource Kit to apply it,i.e.,
regini.exe pcanystdport.ini
This will change your ports to the standard ports. just change the numbers
as needed.
Bob
From: [email protected] (Carl E. Mankinen)
To: "John Hahn" <[email protected]>
CC: <[email protected]>
Subject: Re: [FW1] pcAnywhere from a 'hide' NAT'ed network
Date: Tue, 19 Sep 2000 13:24:54 -0400
Some services can't be used with port address translation.
You can setup an ip on the outside of the firewall, put an entry in the
local.arp file,
define a static route to route traffic to the proper interface where the
server can
be reached and define a static nat rule which preserves the "service"
number.
The NAT rule/s will actually require one for egress traffic to hide the
source address and
an ingress rule to fixup the destination address to the real address of the
server.
Probably have to do this on both sides, and define some rules in your
rulebase to
only allow PCAW traffic to flow between specific endpoints.
Works for me.
This stuff is covered pretty well at phoneboy.com or in the PDF doc from
checkpoint.
----- Original Message -----
From: "John Hahn" <[email protected]>
To: <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, September 19, 2000 9:32 AM
Subject: [FW1] pcAnywhere from a 'hide' NAT'ed network
>
> Hi All,
>
> I'm not sure if this if a pcAnywhere question or just a 'hide' NAT
question.
>
> I have an external network (A.B.C.D/24 {a division of my parent company,
> connected via Frame Relay to my site})that I 'hide' behind a NAT entry
of
> (W.X.Y.Z/32). Folks in the A.B.C.D network are trying to use pc/Anywhere
to
> access a few servers that they built and maintain, and live within my
> building.
>
> The NAT rule converts the 'source' port from pcAnywhere's 5631 to port
10000
> (or above). The pcAnywhere running on the servers in my building don't
seem
> to know how to respond to incoming packets with a source port of 10000+.
>
> I've also seen this with other services going through a 'hide' NAT. FW
v4.0
> SP4, running on a Nokia platform w/ IPSO 3.2
>
> Any ideas would be appreciated.
>
> John E. Hahn
> [email protected]
>
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com/?sr=signup
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================