| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
1794.0. "passing netbios?" by CSC32::D_LOWRY () Thu Feb 13 1997 20:00
    Has anyone tried to pass netbios thru the firewall?
    
    I have a multi-system firewall, gatekeeper and gate, and am trying to
    pass the netbios ports, 137,138, and 139 thru screend on the gatekeeper
    system, avfu, 2.0 by putting in the following
    
    between host rr.rr.rr.rr tcp port 139 and host bb.bb.bb.bb tcp port
    not-reserved accept;
    
    also tried to do similar things for port 137 and 138, only using udp
    
    I have tried as an experiment
    between host any and host any udp port any accept log;
    and the same for tcp, still can't see any logging to the ports 137, 138
    and 139 on the daemon.log for the gatekeeper.
    
    we see an initial request sometimes in the gate daemon.log for port
    139, but that is all...
    
    does gatekeeper just throw these requests on the ground, because of the
    port numbers?
    
    Would using a gxd work?
    
    speaking of gxd's, when will we get a many to one gxd application that
    doesn't have to be kluged under the covers?
    
    Thanks,
    
    Dan Lowry
    
    
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1794.1 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Fri Feb 14 1997 06:39 | 8 | 
|  | Is IP routing set up correctly?  Each node must have a route to the other's
subnet pointing to the relevant side of gatekeeper/gate.  Gate must also have a
route to the outside subnet pointing to the inside of gatekeeper.
If you're only seeing the outbound packet, it suggests that the routing is wrong
inbound ...
T
 | 
| 1794.2 | Is a tunnel out of the question? | PMESD::BEABES |  | Fri Feb 14 1997 10:32 | 9 | 
|  | I have set up group to group, and client to group tunnels to successfully pass netbios.  The configurations were
straightforward.  This in my opinion is a lot safer than trying to rely on the security of a PC even WNT to
protect the bluenet from the outside.  Authenticated port usage would probably be the only way to secure the
netbios server/client and would be almost as costly and less versatile, when compared to the tunnel.
I believe yours in Cleveland, the one that I observed would easily pass the netbios protocol.
Ernie
 | 
| 1794.3 | works on Gate (SEAL) config | SEAWLF::COLE | Digital NSIS, Greenbelt, Maryland | Thu Feb 20 1997 11:36 | 10 | 
|  | 
	Dan,
		I have it working on the Gate (SEAL) configuration
	in my facility so web developers can push content out to
	an NT Webserver.  
	...larry 
    
 |