}
UNIX Remote-Shell Services
Three protocols form the basis for UNIX remote-shell services:
• Exec—Remote command execution; enables a user on the client system to execute a
command on the remote system. The first connection, from the client (rexec) to the server
(rexecd), uses well-known TCP port 512. A second TCP connection, carrying the command's
standard error, can be opened at the request of the client: the client sends the number of
the port it is listening on to the server as a NUL-terminated ASCII string, and the server
connects back to that port.
• Login—Better known as rlogin; uses well-known TCP port 513. For details, see RFC 1282.
rlogin uses a single client-initiated connection, so no special firewall processing is required.
• Shell—Remote command execution; enables a user on the client system to execute
a command on the remote system. The first connection, from the client (rcmd/rsh) to the
server (rshd), uses well-known TCP port 514. A second TCP connection, carrying standard
error, can be opened at the request of the client; as with exec, the client sends its listening
port number to the server as a NUL-terminated ASCII string and the server connects back to it.
NAT for remote-shell services requires that any dynamic source port assigned be within the
port range 512 to 1023: the BSD clients and servers open both connections from reserved
(privileged) ports, and rshd rejects a connection whose source port is outside that range.
If you configure a NAT pool, this port range is reserved exclusively for remote-shell
applications. The second connection is initiated by the server toward the client, and its port
number travels only inside the ASCII payload of the first connection, so the ALG must parse
and translate that number and open a matching reverse pinhole; plain NAT without the ALG
breaks the stderr channel. All three services carry credentials and session data in cleartext,
so the ALG should only be enabled where these legacy services genuinely must traverse the NAT.
The following is an example for configuring the RSH ALG:
1. Creating the service set that applies the NAT rules on the services interface.
[edit]
services {
    service-set set-rsh {
        nat-rules nat-rsh;
        interface-service {
            service-interface ms-0/2/0;
        }
    }
}
2. Configuring the NAT pool.
[edit]
services {
    nat {
        pool p-napt {
            address 1.1.1.1/32;
        }
    }
}
3. Defining the NAT rules for the RSH ALG.
[edit]
services {
    nat {
Copyright © 2017, Juniper Networks, Inc.1018
ACX Series Universal Access Router Configuration Guide