ACX Series Universal Access Router Configuration Guide
}
UNIX Remote-Shell Services
Three protocols form the basis for UNIX remote-shell services:

• Exec—Remote command execution; enables a user on the client system to execute a command on the remote system. The first command from client (rcmd) to server (rshd) uses well-known TCP port 512. A second TCP connection can be opened at the request of rcmd. The client port number for the second connection is sent to the server as an ASCII string.

• Login—Better known as rlogin; uses well-known TCP port 513. For details, see RFC 1282. No special firewall processing is required.

• Shell—Remote command execution; enables a user on the client system to execute a command on the remote system. The first command from client (rcmd) to server (rshd) uses well-known TCP port 514. A second TCP connection can be opened at the request of rcmd. The client port number for the second connection is sent to the server as an ASCII string.

NAT remote-shell services require that any dynamic source port assigned be within the port range 512 to 1023. If you configure a NAT pool, this port range is reserved exclusively for remote-shell applications.

The following example configures the RSH ALG:

1. Creating the NAT interface.

    [edit]
    services {
        service-set set-rsh {
            nat-rules nat-rsh;
            interface-service {
                service-interface ms-0/2/0;
            }
        }
    }

2. Configuring the NAT pool.

    [edit]
    services {
        nat {
            pool p-napt {
                address 1.1.1.1/32;
            }
        }
    }

3. Defining NAT rules for the RSH ALG.

    [edit]
    services {
        nat {

Copyright © 2017, Juniper Networks, Inc.
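The ASCII port string described above is what an ALG has to find and translate before it can admit the second connection. The following Python sketch is an added example, not Juniper's implementation: it parses that field from the start of an rsh client stream and swaps in a NAT-assigned port from the 512 to 1023 range. The function names, the sample bytes, and the choice to rewrite the payload are assumptions made for illustration; the NUL-terminated field layout follows the standard rshd protocol.

```python
from typing import Optional, Tuple

RESERVED_PORTS = range(512, 1024)   # port range the page requires for NAT-assigned ports
MAX_FIELD = 6                       # up to five decimal digits plus the NUL terminator

# Constructed sample of the first bytes an rsh client sends:
# stderr port, local user, remote user, command, each NUL-terminated.
SAMPLE_RSH = b"1021\0alice\0alice\0uname -a\0"


def parse_stderr_port(stream: bytes) -> Tuple[Optional[int], bytes]:
    """Return (port, remaining bytes); port is None if no second connection is requested."""
    end = stream.find(b"\0", 0, MAX_FIELD)
    if end < 0:
        raise ValueError("port field is not NUL-terminated within 6 bytes")
    field, rest = stream[:end], stream[end + 1:]
    if field and not field.isdigit():
        raise ValueError("port field is not an ASCII decimal number")
    port = int(field) if field else 0
    if port > 65535:
        raise ValueError("port number out of range")
    return (port or None), rest


def rewrite_stderr_port(stream: bytes, nat_port: int) -> Tuple[bytes, int]:
    """Swap the advertised port for the NAT-assigned one; return (new stream, length delta)."""
    if nat_port not in RESERVED_PORTS:
        raise ValueError("NAT port must be within 512-1023 for remote-shell services")
    port, rest = parse_stderr_port(stream)
    if port is None:            # empty field or "0": nothing to translate
        return stream, 0
    new_stream = str(nat_port).encode("ascii") + b"\0" + rest
    # A non-zero delta means later TCP sequence numbers must be adjusted too.
    return new_stream, len(new_stream) - len(stream)


if __name__ == "__main__":
    print(parse_stderr_port(SAMPLE_RSH))
    print(rewrite_stderr_port(SAMPLE_RSH, 600))
```

Because the port travels as text, translating 1021 to 600 shortens the payload by one byte, which is why the length delta is returned alongside the rewritten stream.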