chris,
what you're calling the gateway is the firewall--the only host that your
router allows packets to reach.
chris> 5. We'd really like some sort of (very lightly used) network file
chris> system to be available between one of our local hosts and a host on
chris> the specific remote network. Does Sun-NFS work over long distance
chris> internet connections (i.e. are the packets normally blocked)?
it'll work fine for you...and everyone else. don't allow folks on
the internet to access nfs on your internal net.
chris> 4. It would be real nice if users on our US office network could drive
chris> straight through our gateway as if it weren't there.
it's easy enough for someone to spoof your us office network and
drive straight through your router as well. this *is* a good
problem. does anyone have any good solutions?
chris> To reach an internal machine
chris> it would be necessary to login to the gateway and then
chris> rlogin/telnet again from there.
i haven't been able to decide what to do with this and hope to hear
more response from the list. add users to the firewall, and you add
too much noise to the logs for them to do any good, as well as
adding to the vulnerability of the firewall. have all users go
through a single account and you have a password distribution and
accountability problem.
unfortunately, there is always a tradeoff: the better the security,
the more inconvenient the firewall. is a convenient, secure
firewall desirable? attainable?
Bill Wohler <wohler@sap-ag.de>
SAP AG Heidelberg        Red Barons
Postmaster               Ultimate Frisbee Team
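The three policies discussed above (the router lets outside packets reach only the firewall, NFS/portmapper are never reachable from the Internet, and an "office network drives straight through" rule cannot be distinguished from a spoofed source) can be modelled as a small stateless packet filter. The following is an added example written for this page, not code from the list or from Bill Wohler; the interface names, addresses (RFC 5737 documentation ranges) and sample packets are constructed, while 111 (sunrpc/portmapper) and 2049 (nfs) are the real port numbers. It assumes NFS from any outside source is blocked, ahead of any office trust rule, precisely because the source address is unverifiable.

```python
"""Toy stateless packet filter for the firewall policy discussed in the thread.

Rules for packets arriving on the external interface, in order:
  1. drop anything claiming an internal source address (obvious spoof);
  2. drop anything aimed at portmapper/NFS, whatever the source claims;
  3. optionally accept the remote office network straight through to
     internal hosts (the rule the thread calls a "good problem": the filter
     cannot tell a genuine office packet from a spoofed one);
  4. otherwise only the firewall's own outside address is reachable.
Everything here is constructed for illustration; it is not a real firewall.
"""
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")    # constructed: our internal net
OFFICE_NET = ipaddress.ip_network("198.51.100.0/24")   # constructed: remote US office net
FIREWALL_EXT = ipaddress.ip_address("203.0.113.1")     # constructed: firewall's outside address
NFS_PORTS = {111, 2049}                                # real: sunrpc/portmapper and nfs


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" (Internet side) or "int"
    proto: str   # "tcp" or "udp"
    src: str     # source address as written in the packet (unverifiable)
    dst: str     # destination address
    dport: int   # destination port


def filter_packet(pkt, trust_office=False):
    """Return (verdict, reason) for one packet arriving at the firewall."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.iface != "ext":
        # Traffic from the inside is not the subject of this policy.
        return ("ACCEPT", "from internal interface")

    # 1. Anti-spoofing: nothing from outside may claim an inside source.
    if src in INTERNAL_NET:
        return ("DROP", "internal source address on external interface")

    # 2. NFS/portmapper are never offered to the Internet, regardless of source.
    if pkt.dport in NFS_PORTS:
        return ("DROP", "nfs/portmap from outside")

    # 3. The convenience rule: office hosts go straight through. Note that the
    #    check is purely on the claimed source address, so a forged packet
    #    passes this rule exactly like a genuine one.
    if trust_office and src in OFFICE_NET and dst in INTERNAL_NET:
        return ("ACCEPT", "trusted office network (source unverified)")

    # 4. Only the firewall itself is reachable from outside.
    if dst != FIREWALL_EXT:
        return ("DROP", "direct access to internal host")
    return ("ACCEPT", "to firewall host")


def run(packets, trust_office=False):
    """Apply the filter to a list of packets; return list of (packet, verdict, reason)."""
    return [(p, *filter_packet(p, trust_office)) for p in packets]


# Constructed sample traffic covering each rule.
SAMPLE = [
    Packet("ext", "udp", "203.0.113.77", "192.0.2.10", 2049),   # NFS from the Internet
    Packet("ext", "tcp", "192.0.2.5", "192.0.2.10", 23),        # spoofed internal source
    Packet("ext", "tcp", "203.0.113.77", "203.0.113.1", 23),    # telnet to the firewall
    Packet("ext", "tcp", "198.51.100.9", "192.0.2.10", 513),    # rlogin from office net
    Packet("ext", "udp", "198.51.100.9", "192.0.2.10", 2049),   # NFS from office net
    Packet("int", "tcp", "192.0.2.10", "203.0.113.77", 25),     # outbound from inside
]

if __name__ == "__main__":
    for trust in (False, True):
        print(f"--- trust_office={trust}")
        for p, verdict, reason in run(SAMPLE, trust):
            print(f"{p.iface:3} {p.proto} {p.src:>15} -> {p.dst:<15}:{p.dport:<5} {verdict:6} {reason}")
```

Running it twice, with and without `trust_office`, shows the trade-off in the thread: the office rlogin packet is dropped under the strict policy and accepted under the convenient one, and nothing in the filter's input changes if the office source address was forged. The NFS packets and the packet with an internal source are dropped in both modes.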