Great Circle Associates Firewalls
(July 1995)
 


Subject: Re: One Router or Two
From: Carl Jolley <cjolley @ iac . net>
Date: Mon, 10 Jul 1995 16:45:58 -0400 (EDT)
To: Markly Dykeman <markly @ cor . cerfnet . com>
Cc: firewalls-digest @ GreatCircle . COM
In-reply-to: <sffeed77 . 002 @ wpsmtp>

What you say about outgoing packets is correct; however, depending on how
the router is used, it _may_ make no difference. If one only has 2 network
interfaces on a router that is serving as a screening router then you're
covered since it is clear that output on a port must have come in from
the other (and vice versa). So if you want to block input from port 1
then blocking the output on port 2 would do the same thing.

**** cjolley @ iac . net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****

On Sat, 8 Jul 1995, Markly Dykeman wrote:

> I can think of one reason for two routers.  If you have older cisco routers
> hanging around that you are trying to implement your DMZ with.  Cisco's
> prior to 9.1.2 (?) only support outgoing packet filters. In this case, isn't it
> mandatory to use two routers if you are trying to implement a "screened
> subnet"?
> 
> markly
> 
> 
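The two-interface argument in the reply above, modelled as an added example that is not part of either original message: it enumerates every packet a toy router could forward and compares an input filter on one port with the same rule moved to the output side of the other ports. The router model, the interface names and the helper functions are assumptions made for illustration.

```python
from itertools import product

def permit_all(src, dst):
    return False          # a filter returns True to drop the packet

def drop_all(src, dst):
    return True

def forwarded(ifaces, in_filters, out_filters):
    """Set of (ingress, src, dst) packets the toy router forwards.

    Each interface name doubles as the name of its attached network, so a
    packet leaves on the interface named by its destination. Filters see only
    the header fields (src, dst), never the interface the packet arrived on.
    """
    result = set()
    for ingress, src, dst in product(ifaces, repeat=3):
        egress = dst
        if egress == ingress:
            continue      # stays on its own network, never crosses the router
        if in_filters.get(ingress, permit_all)(src, dst):
            continue      # dropped by the input filter
        if out_filters.get(egress, permit_all)(src, dst):
            continue      # dropped by the output filter
        result.add((ingress, src, dst))
    return result

def difference(ifaces, blocked, rule):
    """Packets handled differently when the input filter on `blocked` is
    replaced by the same rule on the output side of every other interface."""
    with_input = forwarded(ifaces, {blocked: rule}, {})
    moved = {i: rule for i in ifaces if i != blocked}
    with_output = forwarded(ifaces, {}, moved)
    return with_input ^ with_output

# Two interfaces: output on port2 can only have arrived on port1.
two_port = difference(["port1", "port2"], "port1", drop_all)
# Three interfaces: output on "inside" may have arrived on "outside" or "dmz".
three_port = difference(["outside", "dmz", "inside"], "outside", drop_all)

if __name__ == "__main__":
    print("2 interfaces, packets treated differently:", sorted(two_port))
    print("3 interfaces, packets treated differently:")
    for ingress, src, dst in sorted(three_port):
        print(f"  in={ingress} src={src} dst={dst}")
```

With two interfaces the two configurations forward exactly the same packets; with three, the moved rule also drops traffic between the dmz and inside ports that the input filter on the outside port never touched.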

