RE: [FW1] Hide NAT

Tue, 30 May 2000 22:12:26 -0700 


Chad,

The port you are seeing the X return on is not the same port as you are
thinking about. Since you are using 5 machines on a Hide NAT, each machine
session (you can see it on the log window) needs some sort of unique id so
that the FW knows which session should come back to whom. So each Hide NAT
has a port (incrementing constantly) added to it, and this is the unique
identifier of the originating WS. If you think about it, if this was not the
case, what would happen is that WS's would start getting each others windows
and you'd have a whole mess. So this is what that port is.

Hope this helps.

Mike

> -----Original Message-----
> From: Chad Graham [SMTP:[EMAIL PROTECTED]]
> Sent: a iae 30 2000 21:33
> To:   Firewall
> Subject:      [FW1] Hide NAT
> 
> 
> 
> I have a direct connection to one of our vendors. I will have roughly (5)
> machines on our internal network that I want to allow connection to the
> vendors machine. I set this all up using hide NAT and everything works
> great, until I need to set DISPLAY back to the originating machine
> (Solaris 2.x). The connection is opened from the firewall, lets say
> port=10034 and when you try to run xterm (X11) it comes back from
> the vendor machine at port=2294. Is the vendor machine trying to open
> a new connection to us (not part of my orig telnet)? Does anyone know
> how I can get this to work w/ hide? If I set the connection up w/ static
> things work great, but the vendor will not allow anymore private address
> into their network and I dont want to waste (5) registered addresses for
> static NAT.
> 
> Any suggestions would be appreciated.
> 
> Thanks,
> 
> Chad Graham
> CDI Engineering
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to