It appears that we're well on the way to getting a shiny new internet
connection (our first, I hasten to add :-)

I'd really appreciate it if some of you people who're familiar with
firewalls, etc, could point out the flaws (or otherwise) in the

1. Our external point of contact will be through a Xyplex Brouter
   (running MAXserver Bridge s/w). Am I correct in calling this a
   firewall if I put enough IP packet filters on it?

2. We'd like to block all incoming access to all machines except our
   gateway. Telnet, SMTP, NNTP, FTP, and DNS lookup requests should
   be permissible to the gateway only. To reach an internal machine
   it would be necessary to login to the gateway and then
   rlogin/telnet again from there. This is because not all of our
   machines may have passwords on all the accounts (we do a lot of
   Unix development here).

3. Any machine on our internal network should be able to initiate an
   outgoing session to any external service.

Our US office has plans to get an internet connection too, but we don't
want to have a (very expensive) leased line between here and there,
since we can get a share of the (low) bandwidth available over other
commercial international lines. Accordingly,

4. It would be real nice if users on our US office network could drive
   straight through our gateway as if it weren't there.

5. We'd really like some sort of (very lightly used) network file
   system to be available between one of our local hosts and a host on
   the specific remote network. Does Sun-NFS work over long distance
   internet connections (i.e. are the packets normally blocked)?

Am I just talking blue sky or does this appear to be reasonable?

VISIONWARE LTD, 57 Cardigan Lane, LEEDS LS4 2LE, England
Tel +44 532 788858 x238. Fax +44 532 304676. Email chris @
---------- "VisionWare: The home of DOS/SQL/UNIX/X/VMS integration" ---------
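
Added example, not part of the original post and not Xyplex filter syntax: a small Python model of a stateless packet filter enforcing points 2 and 3, showing which return traffic such a filter can and cannot let back in. The addresses (documentation ranges), the names `decide`, `evaluate` and `SAMPLES`, and the sample packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges), not taken from the post.
INTERNAL = ip_network("192.0.2.0/24")
GATEWAY = ip_address("192.0.2.10")
# Services the post allows on the gateway only, by well-known port.
GATEWAY_PORTS = {
    "tcp": {21, 23, 25, 53, 119},   # FTP control, Telnet, SMTP, DNS, NNTP
    "udp": {53},                    # DNS
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False   # TCP ACK flag: clear only on a connection's first SYN

def decide(p: Packet) -> str:
    """Stateless filter on the external router for points 2 and 3."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    if src in INTERNAL and dst not in INTERNAL:
        return "permit"             # point 3: any outgoing session
    if src in INTERNAL or dst not in INTERNAL:
        return "deny"               # not inbound traffic for our network
    if dst == GATEWAY and p.dport in GATEWAY_PORTS.get(p.proto, set()):
        return "permit"             # point 2: listed services, gateway only
    if p.proto == "tcp" and p.ack:
        return "permit"             # reply half of a session opened inside
    return "deny"                   # everything else inbound

# Constructed sample traffic; 198.51.100.7 stands for any outside host.
OUT, HOST, GW = "198.51.100.7", "192.0.2.50", "192.0.2.10"
SAMPLES = {
    "telnet to gateway":      Packet(OUT, GW, "tcp", 1030, 23),
    "rlogin to gateway":      Packet(OUT, GW, "tcp", 1031, 513),
    "dns query to gateway":   Packet(OUT, GW, "udp", 53, 53),
    "telnet to internal":     Packet(OUT, HOST, "tcp", 1032, 23),
    "outgoing telnet":        Packet(HOST, OUT, "tcp", 1025, 23),
    "reply to outgoing":      Packet(OUT, HOST, "tcp", 23, 1025, ack=True),
    "active ftp data":        Packet(OUT, HOST, "tcp", 20, 1026),
    "udp dns reply to host":  Packet(OUT, HOST, "udp", 53, 1027),
}

def evaluate() -> dict:
    """Return the filter decision for each constructed sample packet."""
    return {name: decide(p) for name, p in SAMPLES.items()}
```

The last two samples are the cases a stateless filter gets wrong for point 3: an active-mode FTP data connection arrives as a fresh SYN, and a UDP reply has no ACK bit to test, so internal hosts would need passive FTP and name resolution through the gateway. The ACK test also passes any inbound TCP segment with ACK set, which cannot open a connection but does reach internal hosts.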