X11 does some stuff on its own with IP addresses that it thinks it should be talking to on the other side. I once tried to get an X11 communication open between an "inside" box with a private address and an "outside" box with a public address and wound up tearing through X11 configs and DNS spoofing on my test boxes to get it to stop complaining and... You get the idea. Basically you can't "hide NAT" with X11 because the two boxes are communicating with each other about their actually-configured IP addresses.
Long and short is that the FW may not be your problem, and even if it is at the moment, it isn't the only thing you're going to have to look at. I'd be checking the X11-related logs. Good luck.

-----Original Message-----
From: David Espinosa [mailto:seguridad.david@;CTV-JET.COM]
Sent: Tuesday, October 22, 2002 1:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Strange nat behavior

I'm using version 4.1 SP3. Fw doesn't block packets, fw has its own ip and nat address is different but in the same network, published by arp. If I try any port out of 6000-6060 nat works well, but if I try "telnet ext_server 6018" nat is done to the fw ip. I made a specific nat rule for source, destination and service but is ignored.

Thanks in advance.

David Espinosa Juan
[EMAIL PROTECTED]
Wanadoo España - Systems Security

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@;beethoven.us.checkpoint.com] On behalf of Lars Troen
Sent: Tuesday, October 22, 2002 0:54
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Strange nat behavior

David,

Are you using FP3? It's blocking X11 by default when using Any services in a rule. It's documented in the release notes.

Lars

> -----Original Message-----
> From: David Espinosa [mailto:seguridad.david@;CTV-JET.COM]
> Sent: Monday, October 21, 2002 19:07
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Strange nat behavior
>
>
> Hello,
>
> I'm trying to access from internal network to an external server at
> port 6018 through hide nat mode, but when I try any port into range of
> X11 service (6000-6060) nat does not work, it translates packets to
> real fw ip. If I try any other port it works well. Any idea? I have
> no rules using X11 service.
>
> Thanks. Regards.
>
> David Espinosa Juan
> [EMAIL PROTECTED]
> Wanadoo España
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
