Firewall Wizards mailing list archives
Re: Gauntlet source IP address re-write question
From: "Dale Lancaster" <dlancaster () raptor com>
Date: Tue, 10 Nov 1998 00:26:22 -0600
-----Original Message-----
From: Joseph S D Yao <jsdy () cospo osis gov>
To: esteban () ceap net <esteban () ceap net>
Cc: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Monday, November 09, 1998 1:21 PM
Subject: Re: Gauntlet source IP address re-write question

Raptor, on the other hand, in the last release of their software implemented a whole scale transparency that does accomplish maintaining the source IP address of connections coming across the proxies. Is there really no such comparable option in Gauntlet? Can you turn off source IP address re-write? Maybe I missed something.

Raptor enables wholesale transparency of your network, letting people outside route anything THEY want to anywhere on your network. This is why we don't like it and don't use it. Gauntlet transparency does the same thing, to some degree. (Yes, as I understand it, for telnet, too.) You'll have to decide whether you feel comfortable exposing yourselves like that.

A correction is in order on this part of the topic discussion. The Raptor Firewall does NOT route anything - it's an application-level firewall - and it certainly does not route "anything"/everything by default.

A more proper statement of capability is: The Raptor Firewall can be configured in several different ways for transparency. It ranges from NO transparency whatsoever (the old style firewall proxy look and feel), to complete transparency for both clients and servers on both sides of the firewall and/or some of each. In all cases, it still requires that a specific access rule be created that specifically allows which traffic is allowed to pass. Transparency is also selective on a per-interface basis and can be for specific IP addresses to whole subnets to the whole Universe.

So, if anything, the Raptor Firewall offers a fairly broad range of choices, not a single mode that was implied in your email. Contact me privately if you want to discuss further.

regards,
dale

--
Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.