[FW-1] RPC Problems on 4.0

I'm having some problems with RPC rules on an ol' 4.0 <mumble-mumble> firewall. I have a set of custom RPC services in the rule. That is, it's a bunch where I manually entered the program numbers. The rule looks something like,

    client-network   rpc-server   rpc-prog1   accept
                                  rpc-prog2
                                  ...

The problem is that it doesn't seem to poke the holes in the firewall for the connections to pass. And yes, I have enabled RPC rules in the "Properties" settings.

I run snoop (yes, a Solaris host) on the firewall to see what is going on. I see the RPC portmap request come in from the client. And I see the server respond with the TCP port number for this service. The client tries to connect, but nothing. The firewall drops the TCP connection attempts. But notice that it _did_ let the portmap request through. And the portmap request is passing, according to the logs, on this rule, and only portmap requests for the specified RPC program numbers are allowed to pass, other portmap requests don't match the rule.

That is what's got me confused. Things seem to be kinda working, the portmapper requests on 111/udp are passed on the right rule and only for the right programs. But they aren't working completely, the firewall doesn't let the incoming connection go through on the port that the portmapper told the client about.

From all I've read in the documentation and from testing on another Check Point firewall, it seems like this should work. Anyone see something that I am missing? Or have some ideas on what I need to check? Are there some old bugs biting me?

--
Crist J. Clark [email protected]
Globalstar Communications
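For reference, the portmap exchange described in the message above, as an added example that is not part of the original post: a Python sketch that parses a PMAPPROC_GETPORT call and its reply (ONC RPC over UDP), pairs them by XID, and lists the port the client will connect to next, which is the value to compare against the dropped TCP connection attempts in a capture. The packets, addresses, program number 0x20000099 and all function names are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_GETPORT = 100000, 3   # portmapper program number, GETPORT procedure
IPPROTO = {6: "tcp", 17: "udp"}

def _skip_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

def parse_getport_call(buf):
    """Return (xid, prog, vers, proto) for a GETPORT call, else None."""
    xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", buf, 0)
    if mtype != 0 or rpcvers != 2 or prog != PMAP_PROG or proc != PMAP_GETPORT:
        return None
    off = _skip_auth(buf, _skip_auth(buf, 24))   # credential, then verifier
    q_prog, q_vers, q_prot, _port = struct.unpack_from(">4I", buf, off)
    return xid, q_prog, q_vers, IPPROTO.get(q_prot, str(q_prot))

def parse_getport_reply(buf):
    """Return (xid, port) for an accepted, successful reply, else None."""
    xid, mtype, reply_stat = struct.unpack_from(">3I", buf, 0)
    if mtype != 1 or reply_stat != 0:            # not REPLY or not MSG_ACCEPTED
        return None
    accept_stat, port = struct.unpack_from(">II", buf, _skip_auth(buf, 12))
    return (xid, port) if accept_stat == 0 else None

def expected_pinholes(packets, allowed_progs):
    """Pair calls and replies by XID and list the client-to-server port that
    must be admitted afterwards for each allowed program."""
    pending, holes = {}, []
    for src, dst, payload in packets:
        try:
            call, reply = parse_getport_call(payload), parse_getport_reply(payload)
        except struct.error:                     # truncated or non-RPC datagram
            continue
        if call and call[1] in allowed_progs:
            pending[(src, dst, call[0])] = call
        elif reply and (dst, src, reply[0]) in pending:
            _xid, prog, _vers, proto = pending.pop((dst, src, reply[0]))
            if reply[1] != 0:                    # port 0 means "not registered"
                holes.append({"client": dst, "server": src, "prog": prog,
                              "proto": proto, "port": reply[1]})
    return holes

# Constructed sample traffic (not from the post): one call, one reply.
CALL = (struct.pack(">6I", 0x1234, 0, 2, PMAP_PROG, 2, PMAP_GETPORT)
        + struct.pack(">4I", 0, 0, 0, 0)         # AUTH_NONE credential and verifier
        + struct.pack(">4I", 0x20000099, 1, 6, 0))
REPLY = struct.pack(">3I", 0x1234, 1, 0) + struct.pack(">4I", 0, 0, 0, 32790)
SAMPLE = [("10.0.0.5", "192.0.2.10", CALL), ("192.0.2.10", "10.0.0.5", REPLY)]
```

Calling `expected_pinholes(SAMPLE, {0x20000099})` returns the single TCP port the client was told about; a connection attempt to that port being dropped matches the symptom in the message.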