Hello all. I need some advice from the experts around here.

I have a situation where I have a PIX with 4 interfaces. 2 are inside and
outside and 2 are considered DMZ1 and DMZ2. DMZ2 is a higher security than
DMZ1 (thus all traffic is permitted outbound from DMZ2 to DMZ1). We have
various machines on DMZ2 that need to access 2 servers on DMZ1 via X. For
some reason this is not working, and unfortunately, I am not a Unix guru and
know very little about X. My suspicion is that X requires that the target
machine (the server) be able to send data back to the clients, which of
course is being blocked by the firewall.

Here is a little diagram
                                 Server2
DMZ2----PIX----DMZ1---[
                         Server1

So, what I am wondering is how to proceed. I am pretty sure that X uses TCP
and UDP 6000-6063. Based on that, one of my ideas is to set up a conduit as
follows:
Conduit permit tcp 172.16.0.0 255.255.255.0 range 6000 6063 host 172.16.1.2
Conduit permit udp 172.16.0.0 255.255.255.0 range 6000 6063 host 172.16.1.2
Conduit permit tcp 172.16.0.0 255.255.255.0 range 6000 6063 host 172.16.1.3
Conduit permit udp 172.16.0.0 255.255.255.0 range 6000 6063 host 172.16.1.3

The other idea is to use the established command, but I am not very familiar
with its use.

Any ideas? TIA

Wes Noonan, MCSE/MCT/CCNA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
[EMAIL PROTECTED]
http://www.bmc.com
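
A diagnostic for the return path the post suspects, as an added example that is not part of the original message: an X application opens a TCP connection to the machine showing the display, on port 6000 plus the display number, so this Python script maps a DISPLAY value to that port and reports whether the connection is answered. The address 172.16.0.10 and all function names are assumptions made for illustration.

```python
import socket

X_BASE_PORT = 6000  # X11 over TCP: a display listens on 6000 + display number
MAX_DISPLAY = 63    # the post's range 6000-6063 corresponds to displays 0..63


def display_to_endpoint(display):
    """Turn 'host:display[.screen]' into (host, tcp_port)."""
    host, sep, rest = display.rpartition(":")
    if not sep or not host:
        raise ValueError("DISPLAY %r names no remote host" % display)
    number = rest.split(".", 1)[0]
    if not number.isdecimal() or int(number) > MAX_DISPLAY:
        raise ValueError("display number out of range in %r" % display)
    return host, X_BASE_PORT + int(number)


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the path to the display works
    except ConnectionRefusedError:
        return "refused"       # a reset came back instead of a SYN-ACK
    except OSError:
        return "no-answer"     # timeout or unreachable: consistent with a filtered port


def check_display(display, timeout=3.0):
    """Resolve a DISPLAY string and probe the TCP port it implies."""
    host, port = display_to_endpoint(display)
    return host, port, probe(host, port, timeout)


if __name__ == "__main__":
    # Constructed sample: a hypothetical DMZ2 workstation showing display 0.
    print("%s tcp/%d: %s" % check_display("172.16.0.10:0.0"))
```

Run on Server1 or Server2 with the DISPLAY value the application would use, "no-answer" is what a connection dropped at the firewall looks like, while "open" means the path back to the display is already permitted.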
