Firewall Wizards mailing list archives

Details on Sidewinder RPC proxy support?


From: Chris Shenton <cshenton () uucom com>
Date: 24 Aug 1999 14:53:23 -0400

I have a client who plans to run RPC across their firewall and
believes that SideWinder's recently added RPC proxy may solve all
their problems. Worse, they want to run CORBA in the future, across
the firewall, through the "extranets", across the wan, over the river
and through the woods for all I can tell.

I've not been terribly keen to architect systems this way and would
prefer they put the two machines which (currently) need to speak RPC
on the inside of the firewall. (It's just an app server talking to a
database, after all!).  I think you'd have to have a fairly
sophisticated RPC proxy to track portmapper requests/responses.
Further, if you wanted to keep out hostile traffic rather than simply
act like a stateful packet filter, you'd have to get into the
application layer and examine for hostile requests.

I've read the SideWinder Tech Brief document at
http://www.sctc.com/SW41TechBrief.zip where it says:

    The Sun RPC proxy mediates requests from an RPC client to a server's
    portmapper process. The Sun ONC RPC format is supported. This feature
    will allow client/server applications to communicate securely through
    the firewall.

I need to know how much detail the firewall examines, how fine grained
I can tighten down the RPC proxy on Sidewinder.

* can I restrict certain from/to hosts and ports?
* can I restrict to specific portmapper service numbers?
* can I permit/deny certain RPC commands?

Any other thoughts on how to improve security here if they won't let
me re-architect?

Thanks for your help.
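
An added example, not part of the original post and not Sidewinder's code: a minimal sketch of the portmapper request/response tracking the message says an RPC proxy would need, restricted to an allowlist of program numbers. It assumes ONC RPC over UDP, portmapper version 2, and a hypothetical class name PortmapTracker; the sample datagrams are constructed.

```python
import struct
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3   # portmapper v2
CALL, REPLY = 0, 1

def skip_auth(buf, off):
    """Step over one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:                      # RFC 5531 limit on the auth body
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

class PortmapTracker:
    def __init__(self, allowed):
        self.allowed = allowed            # permitted (program, protocol) pairs
        self.pending = {}                 # xid -> (program, protocol)

    def on_call(self, pkt):
        """True if this client->portmapper datagram may be forwarded."""
        try:
            xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", pkt, 0)
            off = skip_auth(pkt, skip_auth(pkt, 24))      # credential, verifier
            want_prog, _vers, prot, _port = struct.unpack_from(">4I", pkt, off)
        except (struct.error, ValueError):
            return False                  # truncated or malformed: drop
        if (mtype, rpcvers, prog, vers, proc) != (CALL, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
            return False                  # only GETPORT passes (no SET/UNSET/CALLIT)
        if (want_prog, prot) not in self.allowed:
            return False
        self.pending[xid] = (want_prog, prot)
        return True

    def on_reply(self, pkt):
        """(program, protocol, port) to open for this reply, or None."""
        try:
            xid, mtype, reply_stat = struct.unpack_from(">3I", pkt, 0)
            accept_stat, port = struct.unpack_from(">II", pkt, skip_auth(pkt, 12))
        except (struct.error, ValueError):
            return None
        asked = self.pending.pop(xid, None)   # must answer a call we forwarded
        if asked is None or (mtype, reply_stat, accept_stat) != (REPLY, 0, 0):
            return None
        return (*asked, port) if 0 < port < 65536 else None

# Constructed sample datagrams (AUTH_NONE), not captured traffic.
def sample_call(xid, prog, prot=6):
    return struct.pack(">14I", xid, CALL, 2, PMAP_PROG, PMAP_VERS,
                       PMAPPROC_GETPORT, 0, 0, 0, 0, prog, 1, prot, 0)
def sample_reply(xid, port):
    return struct.pack(">7I", xid, REPLY, 0, 0, 0, 0, port)
```

This covers only the port-lookup step; it does not inspect the RPC calls later sent to the learned port, which is the application-layer examination the message also asks about.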


