Firewalls: Re: CERN httpd vs http-gw

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CERN httpd vs http-gw
From:	Rens Troost <rens @ imsi . com>
Date:	Wed, 01 Feb 1995 17:23:14 -0500
To:	Ken Hardy <ken @ bridge . com>
Cc:	tpaquett @ aec . ca, firewalls @ greatcircle . com, bdrennin @ plaind . com
In-reply-to:	Your message of "Wed, 01 Feb 1995 12:34:53 CST." <199502011834 . AA06914 @ ignatz . bridge . com>
Reply-to:	rens @ imsi . com

>>>>> "Ken" == Ken Hardy <ken @
 bridge .
 com> writes:

  Ken> But what CERN's cannot be configured for, AFAIK, is specific IP
  Ken> addresses to _not_ access it.  I.e., unless I want to enter all
  Ken> my subnets (for a class B, plus some class Cs), I cannot
  Ken> explicitely deny my border net (the DMZ).

The best way to configure CERN is to run it on an internal machine,
making it's outbound connections with SOCKS or call-compatible socks
replacement through the firewall. I would not run it on the bastion.

-Rens

References:

Re: CERN httpd vs http-gw
From: Ken Hardy <ken @ bridge . com>

Indexed By Date	Previous:	Re: Test labs From: Joe Judge <Joe . Judge @ FMR . Com>
Indexed By Date	Next:	spoofing attack - filtering forged addresses From: chris @ applied . com (Chris Johnston)
Indexed By Thread	Previous:	Re: CERN httpd vs http-gw From: Ken Hardy <ken @ bridge . com>
Indexed By Thread	Next:	Re: CERN httpd vs http-gw From: Brent @ GreatCircle . COM (Brent Chapman)