Firewalls: Re: questions

Firewalls
(February 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: questions
From:	George Hartzell <hartzell @ postgres . Berkeley . EDU>
Date:	Thu, 17 Feb 1994 16:30:00 -0800
To:	mjr @ tis . com
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<9402152109 . AA00578 @ otter . tis . com>
References:	<9402152109 . AA00578 @ otter . tis . com>
Reply-to:	hartzell @ cs . berkeley . edu (George Hartzell)

mjr @
 tis .
 com writes:
 > >[...]
 > >(screened subnet with all internet-internal net traffic blocked)
 > >
 > >Internet -----[router]-------|-------[router]-----Internal net
 > >                             |
 > >                      [bastion host]
 > >
 > >
 > >
 > >(dual-homed gateway wrapped with screening routers)
 > >
 > >Internet -----[router]----[bastion gateway]----[router]-----Internal net
 > 
 >                                                 ^^^^^^^^
 >                                                Not Needed
 >[...]
 > 	The tradeoff is that you then *never* have the option of
 > routing any traffic through. [...]

How does the availability of screend on your "bastion gateway" effect
that statement?

Is it crazy to think about using screend to do some filtering on the
same machine that was running app. gateways?

g.

References:

Re: questions
From: mjr @ tis . com

Indexed By Date	Previous:	Re: Allowing FTP and TELNET through firewall. From: jim @ Tadpole . COM (Jim Thompson)
Indexed By Date	Next:	SUBSCRIBE From: david @ cvpsun06 . csc . ti . com (David Bourgoyne)
Indexed By Thread	Previous:	Re: questions From: "John P. Rouillard" <rouilj @ terminus . cs . umb . edu>
Indexed By Thread	Next:	Re: questions From: johns @ oxygen . house . gov (John Schnizlein)