Re: [suse-security] PC-Anywhere broken by firewall 1.4
Hi, so it's like this? you--->(dialup)--->internet---->your-firewall--->nt_server ? no wonder that pc-anywhere doesn't work :) because you are using non-public ip addresses on the inside, this can't work. there are ways to do this, but this is pretty complex. if it looks like this: (internal network) you--->your-firewall--->nt_server (plus internet here) it should work without problems. this config is wrong anyway: FW_TCP_ALLOW_INCOMING_HIGHPORTS="ftp-data 5632" better use "yes" for both TCP and UDP. the risks are not really bigger than using "ftp-data" and "dns", and more protocols/tools will work. Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
Yes, this works:
(internal network) you--->your-firewall--->nt_server (plus internet here) it should work without problems.
this config is wrong anyway: FW_TCP_ALLOW_INCOMING_HIGHPORTS="ftp-data 5632" better use "yes" for both TCP and UDP. the risks are not really bigger than using "ftp-data" and "dns", and more protocols/tools will work.
Thanx, Bernhard
participants (2)
-
marc@suse.de
-
Security