Configuring a Cisco Router using Access Lists for use with PCsync - Search Again

 

SUMMARY

I'm concerned about using PCsync on my corporate network, and want to understand PCsync's Security features. Also, I'm also looking for information about how I can configure my Cisco Router to allow PCsync to make secure connections. Can you help me?

 

CAUSE

See Technical Document 303, Using PCsync in a Secure Environment for more information.

 

SOLUTION

Currently there is no proxy or stateful inspection mechanism for PCsync. Access is allowed by opening TCP ports 80, 8080, 8443 and 8444 to specific hosts or the network at the discretion of the security administrator.

For sites using NAT with private address space or NAT with port multiplexing, you will be unable to allow incoming PCsync connections. Sites using NAT and mapping their internal IP addresses to valid public addresses can, if they choose, set up static mappings for particular PCsync hosts to be reached from the outside. See Technical Document 305, How to Surf up to a computer behind a Router or Firewall for more information

For demonstration purposes, we will be referencing the private network 192.168.100.0/24 as our internal trusted network with all filtering relative to the public Internet. Implementation is similar for any external network.

For this example, we show how to permit PCsync to the host 192.168.100.45; permitting PCsync to connect to multiple hosts or an entire network is a trivial modification. This does not imply that hosts with private addresses can actually be reached from outside the trusted network, but is a safe example to use.

In privileged exec mode, create the following access-list (or append to an existing access-list) then apply the access-group to the external interface.

    access-list 110 permit tcp any 192.168.100.45 eq 8080

    interface ethernet0

    ip address 192.168.100.1

    access-group 110 in

Follow the same steps for ports 8443 and 8444.

 

 Related Articles

  Configuring a 'CheckPoint Firewall-1' for use with PCsync
  Configuring a 3Com Home Connect Wireless Gateway for PCsync Connections
  Configuring a Cisco PIX Firewall for use with PCsync Connections
  Configuring a NetGear Cable/DSL Router for use with PCsync
  Configuring an Axent Raptor Firewall for use with PCsync
  Configuring D-Link DI-701 Residental Gateway for PCsync Connections

 

Last updated: Wednesday, June 20, 2001

Article #344

Legacy Article #