Great Circle Associates Firewalls
(March 1993)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Firewalls and NFS
From: chris @ visionware . co . uk (Chris Davies)
Organization: VisionWare Ltd., Leeds, UK
Date: Wed, 17 Mar 1993 15:02:12 GMT
To: greatcircle . com!firewalls @ visionware . co . uk
Apparently-to: firewalls @ greatcircle . com

It appears that we're well on the way to getting a shiny new internet
connection (our first, I hasten to add :-)

I'd really appreciate it if some of you people who're familiar with
firewalls, etc, could point out the flaws (or otherwise) in the
following scenario.

1.  Our external point of contact will be through a Xyplex Brouter
    (running MAXserver Bridge s/w).  Am I correct in calling this a
    firewall if I put enough IP packet filters on it?

2.  We'd like to block all incoming access to all machines except our
    gateway.  Telnet, SMTP, NNTP, FTP, and DNS lookup requests should
    be permissible to the gateway only.  To reach an internal machine
    it would be necessary to login to the gateway and then
    rlogin/telnet again from there.  This is because not all of our
    machines may have passwords on all the accounts (we do a lot of
    Unix development here).

3.  Any machine on our internal network should be able to initiate an
    outgoing session to any external service.

Our US office has plans to get an internet connection too, but we don't
want to have a (very expensive) leased line between here and there,
since we can get a share of the (low) bandwidth available over other
commercial international lines.  Accordingly,

4.  It would be real nice if users on our US office network could drive
    straight through our gateway as if it weren't there.

5.  We'd really like some sort of (very lightly used) network file
    system to be available between one of our local hosts and a host on
    the specific remote network.  Does Sun-NFS work over long distance
    internet connections (i.e. are the packets normally blocked)?

Am I just talking blue sky or does this appear to be reasonable?
            VISIONWARE LTD, 57 Cardigan Lane, LEEDS LS4 2LE, England
  Tel +44 532 788858 x238.  Fax +44 532 304676.  Email chris @
 visionware .
 co .
---------- "VisionWare:   The home of DOS/SQL/UNIX/X/VMS integration" ---------

Indexed By Date Previous: Re: Packet filtering and FTP
From: bdboyle @ maverick1 . erenj . com (Bryan D. Boyle)
Next: fix for Sun's itelnet
From: shj @ ultra . com (Steve Jay {Ultra Unix SW Mgr})
Indexed By Thread Previous: Re: Packet filtering and FTP
From: "David I. Dalva" <dave @ TIS . COM>
Next: Re: Firewalls and NFS
From: Bill Wohler <wohler @ hw1175 . sap-ag . de>

Search Internet Search