Firewall Wizards mailing list archives
Details on Sidewinder RPC proxy support?
From: Chris Shenton <cshenton () uucom com>
Date: 24 Aug 1999 14:53:23 -0400
I have a client who is plans to run RPC across their firewall and believes that SideWinder's recently added RPC proxy may solve all their problems. Worse, they want to run CORBA in the future, across the firewall, through the "extranets", across the wan, over the river and through the woods for all I can tell. I've not been terribly keen to architect systems this way and would prefer they put the two machines which (currently) need to speak RPC on the inside of the firewall. (It's just a app server talking to a database, after all!). I think you'd have to have a fairly sophisticated RPC proxy to track portmapper requests/responses. Further, if you wanted to keep out hostile traffic rather than simply act like a stateful packet filter, you'd have to get into the application layer and examine for hostile requests. I've read the SideWinder Tech Brief document at http://www.sctc.com/SW41TechBrief.zip where it says: The Sun RPC proxy mediates requests from an RPC client to a server's portmapper process. The Sun ONC RPC format is supported. This feature will allow client/server applications to communicate securely through the firewall. I need to know how much detail the firewall examines, how fine grained I can tighten down the RPC proxy on Sidewinder. * can I retrict certain from/to hosts and ports? * can I restrict to specific portmapper service numbers? * can I permit/deny certain RPC commands Any other thoughts on how to improve security here if they won't let me re-architect? Thanks for your help.
Current thread:
- Details on Sidewinder RPC proxy support? Chris Shenton (Aug 24)
- <Possible follow-ups>
- RE: Details on Sidewinder RPC proxy support? Lee (Lockdown) Hughes (Aug 25)
- Re: Details on Sidewinder RPC proxy support? Ivan Arce (Aug 30)