Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: Firewalls-Digest V4 #236
From: Jim Cabral <cabralje @ u . washington . edu>
Date: Mon, 17 Apr 1995 03:08:05 -0900 (PDT)
To: Firewalls @ GreatCircle . COM
Cc: truth @ chmc . org
In-reply-to: <199504150527 . WAA06130 @ miles . greatcircle . com>

> I've got a tricky question concerning using a Sun Netra with firewall-1 
> running on it and Novell's IPX/SPX. More generically, it addresses 
> the issue if any Unix box routing between two ethernet interfaces can 
> "bridge" IPX/SPX. Note the following picture:
>      
> 			192.207.93.0 Class C network
> 			255.255.192.0 subnet mask 
>      
>      
>      netcom.com ----- hardware ----(le0) netra (le1)---
>                          router	       firewall-1     |
>                            |                          |
>                         xylogics               internal network
>                            |                          |
>                          modems                       |
>                            |                       clients
>                      remote client
>      
> The scenario is that if an employee uses a dial up modem into
> the xylogics terminal server and is using NovellRemote, the xylogics 
> will handle it and pump out IPX/SPX packets to the router. The router 
> can handle it, and bridges the packets out to the netra.  Since
> the netra is a TCP/IP router, I am 98% darn sure that the IPX/SPX 
> packets will not make it over to the internal network.
>      
> So ... is it possible to make this happen?
>      
> question (1) :	Can a Sun (or any Unix box) with two ethernet interfaces 
> 		be made to bridge IPX/SPX packets?
>      
> 		If no, I guess we have to put the xylogics on the 
> 		inside of the firewall. Bummer.
>      
> 		If yes, what software products are required to make 
> 		this happen?
>      
> question (2) :	Now that we can "bridge" IPX/SPX across two ethernets, 
> 		will this still work if Firewall-1 is running on the
> 		netra ? 
>      
> 		If Firewall-1 can't do it, how about TIS or Gauntlet?
>      
> Thanks for your time, consideration, and thoughts,
>      
> david
> - -------------
> david flinn
> david @ wsi . com
> 

I'm running into a similar problem, although using Windows NT 3.5
RAS as a dialin server (on the Internet DMZ side of a fwtk firewall) so I 
need to bridge both IPX and NetBIOS.  A partner of mine thinks we should 
just put a second NIC in the NT server, configure only IP on the NIC 
connected to the Internet DMZ, and configure only NetBIOS and IPX on the 
NIC connected to the internal network.  I think this is a good solution 
but I was wondering the following:

*********************** Question *************************************

Does anyone know of a version of screend or similar packet screen that
supports bridging IPX and/or NetBIOS on an Ultrix system?

I don't think such an animal exists but it would be helpful to allow us to
log IPX and NetBIOS traffic. 

  jim

Jim Cabral 7712 Corliss Ave N, Seattle, WA 98103 <cabralje @ u . washington . edu>
Puget Technology Group, Inc. Systems Engineer, Voice/Pager/Fax: 206/525-1242
Univ. of Washington, Electrical Engineering, Research Assistant 206/543-1017


