Limits of using Conduits 2

Status
Not open for further replies.

jcanfer

MIS
Aug 9, 2001
16
GB
I'm using PIX 6.0 and I have the following conduit setup;

conduit permit tcp host xxx.xxx.xxx.xxx eq smtp any

Now is this going to let absolutely anyone use it to pass smtp through the conduit or can I restrict it so smtp traffic can only come from one source (IP address)? Or am I completely missing the point here!?

Thanks

Jim
 
I thought that conduits have been deprecated in favour of ACLs from version 5.x.x onwards?
 
You are correct about ACLs being the preferred method. The following excerpt comes from the PIX 6.0 Command Reference.

Note: The conduit command has been superseded by the access-list command. We recommend that you migrate your configuration away from the conduit command to maintain future compatibility.

Bluecrack
 
The "any" statement at the end of the line allows anyone to use this port. You can replace this with either a particular host or network.

Examples:

conduit permit tcp host a.b.c.d eq smtp host e.f.g.h
will allow only the host at e.f.g.h to use this conduit

conduit permit tcp host a.b.c.d eq smtp e.f.g.h 255.255...
will allow any host on the e.f.g.h network to use this conduit (the last part of the line is the network mask).

Hope this helps.
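
Added example, not part of the thread: a small Python audit that parses conduit statements in the form shown in the examples above and lists the permit entries whose trailing source field is any (the `0 0` shorthand is treated the same way). The function names, the sample config and its addresses are constructed for illustration.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> port count

def _addr(tok):
    """Consume 'any', 'host IP' or 'IP MASK'; return ((ip, mask), rest)."""
    if tok[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "255.255.255.255"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def _port(tok):
    """Consume an optional port clause such as 'eq smtp'; n is 0 if absent."""
    n = 1 + PORT_OPS.get(tok[0], -1) if tok else 0
    return " ".join(tok[:n]), tok[n:]

def parse_conduit(line):
    """Parse: conduit permit|deny <proto> <global addr> [port] <foreign addr>"""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    try:
        dst, rest = _addr(tok[3:])      # inside host being exposed
        dport, rest = _port(rest)       # service on that host
        src, rest = _addr(rest)         # who may connect (the trailing field)
    except IndexError:
        raise ValueError("truncated conduit statement: %r" % line) from None
    return {"action": tok[1], "proto": tok[2], "dst": dst, "dport": dport, "src": src}

def source_scope(rule):
    """Classify who may connect: 'any', 'host' or 'network'."""
    mask = rule["src"][1]
    if mask in ("0.0.0.0", "0"):
        return "any"
    return "host" if mask == "255.255.255.255" else "network"

def open_conduits(config):
    """Return the permit conduits in a config that accept any source."""
    lines = [ln.strip() for ln in config.splitlines()]
    rules = [(ln, parse_conduit(ln)) for ln in lines if ln.startswith("conduit ")]
    return [ln for ln, r in rules if r["action"] == "permit" and source_scope(r) == "any"]

# Constructed sample config; addresses are documentation ranges.
SAMPLE = """\
conduit permit tcp host 192.0.2.10 eq smtp any
conduit permit tcp host 192.0.2.10 eq smtp host 198.51.100.25
conduit permit tcp host 192.0.2.11 eq www 203.0.113.0 255.255.255.0
"""
if __name__ == "__main__":
    print("\n".join(open_conduits(SAMPLE)))
```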
 