Re: [FW-1] How to make a rule to allow telnet to the firewall?
Wen,

Have you made a static route on the firewall to your other internal network? I can see you have a route on the client for the firewall-lan probably pointing at the router. You also need a similar route pointing in the other direction on the firewall. On the client you can normally make a default gw pointing to the router instead of having a route for each network, unless you have several routers located on the same subnet.

Having a rule with Any with telnet access to the firewall is not recommended, but will work. Once you connect the firewall to the internet I suggest you restrict this rule, not allowing external hosts to connect to your firewall this way.

Lars

> -----Original Message-----
> From: <Guangcheng Wen> [mailto:[email protected]]
> Sent: Friday, August 16, 2002 08:13
> To: [email protected]
> Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?
>
> Thank you so much for your advice.
>
> Lars.Troen> I guess you should put the Checkpoint cd in your pc and go to the "/Docs/Check Point Suite/" directory. I guess the document "Getting Started.pdf" would be a good starting point, but there are also other useful documents in there ;-)
> Aaron.Reynolds> You should run the GUI to modify rules.
>
> Yes, I am reading it and have succeeded in telnetting the FW-1 from an internal LAN which has the same network address with FW-1.
> But I could not telnet the FW-1 from an internal LAN which has a different network address with FW-1 yet. The two internal LANs are connected to each other by a router.
> The rule was made as follows,
>
> No  SOURCE  DESTINATION  SERVICE  ACTION  TRACK  INSTALL ON  TIME
> 1   *Any    FW-1         telnet   accept  Log    FW-1        *Any
>
> FW-1 is in the network 192.168.20.0 and my client box is in the network 10.8.46.0.
> From my client box,
> $route -n
> 192.168.20.0    10.8.46.212     255.255.255.0   UG    0      0        0 eth0
> 10.8.46.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         10.8.46.254     0.0.0.0         UG    0      0        0 eth0
>
> How to set a rule to allow my client from the network 10.8.46.0 to telnet the FW-1 in the network 192.168.20.0?
> Thank you so much for your consideration!
>
> Best regards,
>
> --Wen
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
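
The return-route point from the reply, as an added example that is not part of the original e-mail thread: it runs a longest-prefix-match lookup over the client table quoted in the message and over a firewall table, before and after the static route is added. The firewall tables, the firewall address 192.168.20.1, the client address 10.8.46.10 and the router address 192.168.20.254 are constructed assumptions.

```python
import ipaddress

# Client table as quoted in the e-mail (Destination Gateway Genmask Flags Metric Ref Use Iface).
CLIENT_ROUTES = """\
192.168.20.0 10.8.46.212 255.255.255.0 UG 0 0 0 eth0
10.8.46.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.8.46.254 0.0.0.0 UG 0 0 0 eth0
"""
# Constructed firewall table: only its own LAN, no default gateway (not yet on the internet).
FW_ROUTES_BEFORE = """\
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
"""
# Same table with the static route added; 192.168.20.254 is an assumed router address.
FW_ROUTES_AFTER = "10.8.46.0 192.168.20.254 255.255.255.0 UG 0 0 0 eth0\n" + FW_ROUTES_BEFORE


def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers or damaged rows
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, iface) or None if no route exists."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return (dst if gw == "0.0.0.0" else gw, iface)  # 0.0.0.0 means directly connected


def path_ok(client_tbl, fw_tbl, client_ip, fw_ip):
    """A TCP session needs a route in both directions, whatever the rule base allows."""
    fwd = lookup(parse_routes(client_tbl), fw_ip)
    ret = lookup(parse_routes(fw_tbl), client_ip)
    return {"forward": fwd, "return": ret, "ok": fwd is not None and ret is not None}


if __name__ == "__main__":
    for name, tbl in (("before", FW_ROUTES_BEFORE), ("after", FW_ROUTES_AFTER)):
        print(name, path_ok(CLIENT_ROUTES, tbl, "10.8.46.10", "192.168.20.1"))
```

With the "before" table the SYN reaches the firewall and rule 1 accepts it, but the reply has no route back, so the telnet session never completes.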