Firewall Wizards mailing list archives
Re: Transparent vs. Non-transparent AGs/SPFs/whatever
From: Bill_Royds () pch gc ca
Date: Wed, 23 Sep 1998 12:48:32 -0400
> So here's my question: If I want transparency, am I essentially stuck trying to determine protocol strictly by port number? If I want to permit people out to arbitrary port numbers, am I stuck with the equivalent of a circuit-level proxy?
>
> Ryan

Actually an Application Gateway can handle protocols even better because it can restrict the use of protocols to one defined by the firewall rules. The proxy server is not determined by the port but by the mapping between IP, Port and proxy.

AG's run transparently if they are the one the pipe between protected network (inside) and unprotected Internet (outside). All default routes of inside network, whether default gateway or router defaults, point to inside NIC of firewall. For your example, the firewall rules then say that if any traffic comes in from inside NIC for port 2300 it will be proxied as telnet. No other service will be allowed on port 2300. Similarly for external traffic.

Since there are 2 sessions on firewall for each connection (from inside to firewall, from firewall to external server), you can even change the port on the way through or even change the protocol (always change ftp to ftp-PASV running under http). You are not restricted to carrying the same packets on each side of the firewall.
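The mapping described in the message above, sketched as an added example (not code from the post or from any firewall product): the proxy is chosen by ingress NIC, destination address and port, unmatched traffic is refused, and the firewall-to-server session may use a different port or protocol. The `Rule` fields, interface names, `ftp-pasv` label and all addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    in_nic: str                      # interface the client session arrived on
    dst_net: str                     # destination network, CIDR notation
    dst_port: int                    # port the client connected to
    proxy: str                       # the only proxy allowed to serve this port
    out_port: Optional[int] = None   # port rewrite for the server-side session
    out_proto: Optional[str] = None  # protocol rewrite for the server-side session

# Constructed rule set (hypothetical names and documentation-range addresses).
RULES = [
    Rule("inside", "0.0.0.0/0", 2300, "telnet"),
    Rule("inside", "0.0.0.0/0", 21, "ftp", out_proto="ftp-pasv"),
    Rule("outside", "192.0.2.10/32", 8023, "telnet", out_port=23),
]

def select_proxy(in_nic, dst_ip, dst_port, rules=RULES):
    """First matching rule wins; no match means the connection is refused."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (rule.in_nic == in_nic and rule.dst_port == dst_port
                and addr in ipaddress.ip_network(rule.dst_net)):
            return rule
    return None

def plan_sessions(in_nic, client_ip, dst_ip, dst_port):
    """Describe the two sessions the gateway holds for one client connection."""
    rule = select_proxy(in_nic, dst_ip, dst_port)
    if rule is None:
        return None  # default deny: no proxy is mapped to this traffic
    return {
        "proxy": rule.proxy,
        # Session 1: the client believes it is talking to the real server.
        "client_side": (client_ip, dst_ip, dst_port, rule.proxy),
        # Session 2: opened by the firewall itself, possibly rewritten.
        "server_side": ("firewall", dst_ip, rule.out_port or dst_port,
                        rule.out_proto or rule.proxy),
    }

if __name__ == "__main__":
    print(plan_sessions("inside", "10.0.0.5", "198.51.100.7", 2300))
    print(plan_sessions("inside", "10.0.0.5", "198.51.100.7", 2301))
```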