Configuring a Network Associates Gauntlet Firewall for use with LapLink

Document relates to:   LapLink Technical, LapLink Professional, LapLink Gold, LapLink 2000, LapLink Gold 11.x, LapLink NT, LapLink Classic

 

SUMMARY

I'm concerned about using LapLink products on my corporate network, and want to understand LapLink's security features. I'm also looking for information about how I can configure my Gauntlet firewall to allow LapLink to make secure connections. Can you help me?

 

SOLUTION

Currently there is no proxy or stateful inspection mechanism for LapLink. Access is allowed by opening TCP port 1547 to specific hosts or the network at the discretion of the security administrator. For sites using NAT with private address space or NAT with port multiplexing, you will be unable to allow incoming LapLink connections. Sites using NAT and mapping their internal IP addresses to valid public addresses can, if they choose, set up static mappings for particular LapLink hosts to be reached from the outside.

For demonstration purposes we will be referencing the private network 192.168.100.0/24 as our internal trusted network with all filtering relative to the public Internet. Implementation is similar for any external network.

For this example we show how to permit LapLink to connect to the host 192.168.100.45; permitting LapLink to connect to multiple hosts or an entire network is a trivial modification. This does not imply that hosts with private addresses can actually be reached from outside the trusted network, but is a safe example to use.

The Gauntlet Firewall now provides a GUI administration tool for configuring services, though all configuration information is stored in text files that may be edited directly if desired. Here we demonstrate how to permit LapLink to our internal host system by modifying the configuration files.

  1. Add the following line to the /etc/services file to identify our protocol:
    LapLink 1547/tcp LapLink # LapLink Protocol

  2. Copy the Gauntlet proxy template script /usr/local/etc/mgmt/rc/template to /usr/local/etc/mgmt/rc/S1547laplink

  3. Edit the S1547laplink script and modify the following:
    TITLE=laplink-gw
    SERVICE="LapLink"
    PROXY=/usr/local/etc/plug-gw
    PORT=LapLink
    VARIABLE=LapLink_proxy
    ARGS="-as laplink-gw"


  4. Edit the netperm-table file to configure the rules for the LapLink proxy service by adding or modifying the following:
    # Add above policies
    laplink-gw: port LapLink * -plug-to 192.168.100.45 -port LapLink
    # Add to policies
    # Permit LapLink
    policy-laplink-gw_Untrusted: permit-proxy laplink-gw
    policy-laplink-gw_Untrusted: description LapLink host access
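
A consistency check for the files edited in steps 1 and 4, added here as an example; it is not part of the original article or of Gauntlet's own tooling. It assumes the field after the port name in a plug rule is the source host pattern (`*` in the rule above), and the sample file contents are constructed from the lines shown in this article.

```python
import re

# Constructed sample input mirroring the article's steps 1 and 4.
SERVICES = "LapLink 1547/tcp LapLink # LapLink Protocol\n"
NETPERM = """\
laplink-gw: port LapLink * -plug-to 192.168.100.45 -port LapLink
policy-laplink-gw_Untrusted: permit-proxy laplink-gw
policy-laplink-gw_Untrusted: description LapLink host access
"""

# Assumption: the field after the port name is the source host pattern.
RULE = re.compile(r"^(\S+):\s+port\s+(\S+)\s+(\S+)\s+-plug-to\s+(\S+)(?:\s+-port\s+(\S+))?")
PERMIT = re.compile(r"^policy-\S+:\s+permit-proxy\s+(.+)$")

def strip_comments(text):
    """Yield non-empty lines with '#' comments removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def service_names(services_text):
    """Return every service name and alias defined in /etc/services text."""
    names = set()
    for line in strip_comments(services_text):
        fields = line.split()
        if len(fields) >= 2 and re.fullmatch(r"\d+/(tcp|udp)", fields[1]):
            names.update([fields[0]] + fields[2:])
    return names

def audit(services_text, netperm_text):
    """Return a list of findings for the plug rules in netperm-table text."""
    names, rules, permitted, findings = service_names(services_text), [], set(), []
    for line in strip_comments(netperm_text):
        if m := RULE.match(line):
            rules.append(m.groups())
        elif m := PERMIT.match(line):
            permitted.update(m.group(1).split())
    for gw, port, src, dst, dport in rules:
        if src == "*":  # rule is not limited to specific hosts or a network
            findings.append(f"{gw}: any source host may reach {dst}")
        for p in sorted({port, dport or port}):
            if not p.isdigit() and p not in names:  # exact, case-sensitive match
                findings.append(f"{gw}: port name {p!r} is not in /etc/services")
        if gw not in permitted:
            findings.append(f"{gw}: no policy has permit-proxy for it")
    return findings
```

Run against the article's lines, `audit(SERVICES, NETPERM)` reports only the wildcard source, which is the point at which an administrator would decide whether to limit access to specific hosts or a network.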


For additional information about LapLink's security features, see Technical Document 633: Overview for Configuring a Firewall or Router to Allow LapLink Connections and Using LapLink in a Secure Environment.

 

This Article can be found by searching for:

Keywords:   Security: Firewall; Connections: Internet

Platforms:   WinMe, Win98/SE, WinNT, Win2K, Win95, WinXP

 


Last updated: Tuesday, October 02, 2001

Article #41

Legacy Article #2021