Mohmed (first name?)

Telnet/23 is the destination port for the client (A). The
server (B) will be listening on port telnet/23. The client will
dynamically allocate a source port (usually >1023) to listen
on for return traffic. This is determined during the three-way
handshake (TWH).

FW-1 will watch for this TWH and based upon your rulebase,
allow or deny the traffic. You will not have to create a rule for
return traffic as the fw will allow return traffic for this
connection.

So, your rule would be set up as:

Source    Destination    Service    Action
  A            B         Telnet     Accept

You'll most likely log this as long so you can keep track of these
events.

I hope that helps.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Haji, Mohmed" <[EMAIL PROTECTED]> 6/20/00 5:48:35 AM >>>
>
>This may be a very trivial question but any help would be appreciated.
>
>Imagine there are 2 machines A and B. They are in the following config
>
>A----Firewall------B
>
>A needs to have telnet access to B
>
>So you would allow access across port 23 (TCP) on the firewall rulebase.
>
>Am I right in thinking that this constitutes the destination port on the
>packet that is sent from A to B? Or is it the source port?
>
>Also, on the packets sent from B to A. I assume the source and destination
>ports are randomly chosen. Is that correct?
>
>Thanks a lot for any help.
>Kind regards,
>Mohmed Haji
>Information Systems - Logica UK Ltd
>tel: +44 020 7446 2112 
>fax: +44 (0)20 7468 7008
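
A simplified model of the behaviour described in the reply above, added here as an illustration and not taken from the thread or from FW-1 itself: one rule admits the initial SYN from A to B on TCP/23, a connection table then passes the return packets, and B-to-A traffic with no matching state is dropped. The class and function names, the client port 40312 and the sample packets are constructed for this example.

```python
from collections import namedtuple

# Constructed packet model: addresses "A" and "B" follow the thread's diagram.
Packet = namedtuple("Packet", "src sport dst dport flags")

# The single rule from the reply: Source A, Destination B, Service Telnet (TCP/23).
RULEBASE = [{"src": "A", "dst": "B", "dport": 23, "action": "accept"}]


class StatefulFilter:
    """Simplified model of stateful filtering; not FW-1's actual inspection engine."""

    def __init__(self, rulebase):
        self.rulebase = rulebase
        self.connections = set()  # (client, client_port, server, server_port)

    def check(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of a tracked connection pass in either direction, no rule needed.
        if forward in self.connections or reverse in self.connections:
            return "accept"
        # Only an initial SYN (no ACK) may open a new connection via the rulebase.
        if pkt.flags == {"SYN"}:
            for rule in self.rulebase:
                if (rule["src"], rule["dst"], rule["dport"]) == (pkt.src, pkt.dst, pkt.dport):
                    if rule["action"] == "accept":
                        self.connections.add(forward)
                    return rule["action"]
        return "drop"  # implicit default: anything not matched is dropped


def demo():
    fw = StatefulFilter(RULEBASE)
    packets = [  # constructed sample traffic; 40312 is an arbitrary ephemeral port
        Packet("B", 23, "A", 40312, {"SYN", "ACK"}),   # reply before any SYN from A
        Packet("A", 40312, "B", 23, {"SYN"}),          # handshake step 1
        Packet("B", 23, "A", 40312, {"SYN", "ACK"}),   # step 2: source port 23
        Packet("A", 40312, "B", 23, {"ACK"}),          # step 3
        Packet("B", 23, "A", 40999, {"ACK"}),          # wrong client port, no state
        Packet("B", 50000, "A", 23, {"SYN"}),          # B opening telnet to A: no rule
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```
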



