Date: Tue, 17 May 1994 13:55:18 +0000 (GMT)
In-Reply-To: Richard Huddleston's message of Thu, 12 May 1994 21:21:51 -0400 <199405130121.VAA12203@bedrock.cs.UMD.EDU>
Subject: NFS and X -- Internet tunnel to a "trusted" remote site
Sender: Firewalls-Owner@greatcircle.com
* Our company has several sites, world-wide. A few of those sites
* need to have their IP networks linked together for a cooperative
* development project. We currently use dial-up (on-demand)
* connections, and pay the long-distance charges for PPP modem
* connections. But we need 64K or better.
*
* Within the US, leased lines are no problem. But a DS-0 to the UK
* would cost each side $3000 per month. The obvious alternative is
* to use the Internet connections at each end.
*
* So, if two sites on the Internet want to allow unlimited IP
* access to each other but need to filter all other packets as
* usual... what do they need to do (or buy) to make this tunnel
* through the firewalls?
*
* And yes, this would include services like NFS and X. :-(
*
* Is there a way to make this point-to-point tunnel "safe" without
* encryption at each end? What are the problems? If IP-level
* encryption is required, is there a vendor that can supply the UK
* without !@#$%^&* US export problems?
*
* Please respond via e-mail; I'll summarize if there's interest.
* --
* Mike Geipel (N4IXJ) | Eurotherm Controls Inc.
* Telephone: (703) 471-4870 x387 | 11485 Sunset Hills Road
* "Mike.Geipel@Controls.Eurotherm.COM" | Reston, VA 22090-5286

Mike,

The KarlBridge / KarlBrouter with encryption option will provide the
firewall features and also will do the encryption you require. Since
the encryption algorithm was developed and implemented in the KarlBridge
/ KarlBrouter in the UK and then sent to the USA, it is available outside the
USA by purchasing the UK version of the KarlBridge / KarlBrouter for the
sites outside the USA and purchasing the USA version inside the USA. You can
encrypt either the UDP/TCP portion of the IP packet and hence it will pass
thru routers. You can also set up a virtual encrypted Ethernet between
your remote offices where each Ethernet LAN in each of your remote offices
looks like they are "bridged" together. This is nice if you have non-IP
based machines (such as Novell, Apple, LanManager, etc.). The transport
mechanism between each of these bridge boxes is IP over the Internet. The
Ethernet payload is optionally encrypted.

doug karl