Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

rsh and Firewall

136 views
Skip to first unread message

cjim...@my-deja.com

unread,
Jan 5, 2000, 3:00:00 AM1/5/00
to
Hi there!

I'm trying to make a rsh connection between two servers separated by a
Firewall (Cyberguard). I already open the port 514/tcp on the Firewall,
but I get the next message on the servers when trying to make the rsh:

socket: protocol failure in circuit setup.

I have NAT enabled on the Firewall, so the IP address of the internal
server is changed when passing trough the Firewall.

Thanks...
Cesar

Sent via Deja.com http://www.deja.com/
Before you buy.

ky...@tilapia.irngtx.bdi.gte.com

unread,
Jan 5, 2000, 3:00:00 AM1/5/00
to
One of the problems with rsh is that the return packets are on a different port than the originals. From what I can tell, the return packets are always on ports 1021-1023, although I haven't yet read the RFC to confirm the range.

So you may need to open these ports inbound (ie to the server from which the rsh commands are issued) through your firewall.

cjim...@my-deja.com wrote:
: Hi there!

: Thanks...
: Cesar

--
--
Kyle Maxwell
GTEDS EIPS
Adv Sys Engr (Firewall Security)
kyle.m...@telops.gte.com

cjim...@my-deja.com

unread,
Jan 6, 2000, 3:00:00 AM1/6/00
to
I opened the ports on the Firewall. It's working very well. Anyway I'm
going to confirm the range.

Thanks a lot for your help Kyle.

Greetings...
Cesar Jimenez

In article <850cip$3gj$1...@news.gte.com>,

ky...@tilapia.irngtx.bdi.gte.com

unread,
Jan 7, 2000, 3:00:00 AM1/7/00
to
I'd be interested to know what ports you find. All my reading is turning up nothing... :)

cjim...@my-deja.com wrote:
: I opened the ports on the Firewall. It's working very well. Anyway I'm

0 new messages