Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: questions
From: George Hartzell <hartzell @ postgres . Berkeley . EDU>
Date: Thu, 17 Feb 1994 16:30:00 -0800
To: mjr @ tis . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9402152109 . AA00578 @ otter . tis . com>
References: <9402152109 . AA00578 @ otter . tis . com>
Reply-to: hartzell @ cs . berkeley . edu (George Hartzell)

mjr @
 tis .
 com writes:
 > >[...]
 > >(screened subnet with all internet-internal net traffic blocked)
 > >
 > >Internet -----[router]-------|-------[router]-----Internal net
 > >                             |
 > >                      [bastion host]
 > >
 > >
 > >
 > >(dual-homed gateway wrapped with screening routers)
 > >
 > >Internet -----[router]----[bastion gateway]----[router]-----Internal net
 > 
 >                                                 ^^^^^^^^
 >                                                Not Needed
 >[...]
 > 	The tradeoff is that you then *never* have the option of
 > routing any traffic through. [...]

How does the availability of screend on your "bastion gateway" effect
that statement?

Is it crazy to think about using screend to do some filtering on the
same machine that was running app. gateways?

g.


References:
Indexed By Date Previous: Re: Allowing FTP and TELNET through firewall.
From: jim @ Tadpole . COM (Jim Thompson)
Next: SUBSCRIBE
From: david @ cvpsun06 . csc . ti . com (David Bourgoyne)
Indexed By Thread Previous: Re: questions
From: "John P. Rouillard" <rouilj @ terminus . cs . umb . edu>
Next: Re: questions
From: johns @ oxygen . house . gov (John Schnizlein)

Google
 
Search Internet Search www.greatcircle.com