I would suggest that you do your IPX tunnelling outside the firewall -
put your Netware Server between the firewall router and your provider's
router (DMZ). Allow IPX through the firewall router and block it through
the provider's router. Allow IP/UDP and IP/TCP through the provider's router
and block IP/UDP through the firewall router. Should be safe enough....
Mark
Marol Consulting
On Fri, 13 Oct 1995, Danny Cox wrote:
> Ok .. things are clarifying further for me. I understand that in order
> to use Novell's IPX tunnelling within IP it has to be run using UDP.
>
> Given general attitudes towards UDP through firewalls I'm a little
> troubled by this. Would the general consensus here be to not do it?
> Would there be easy ways of improving this ? eg have some proxyish sort of
> thing which accepts UDP and squirts out TCP for passing thro' the fw?
>
> Furthermore .. what are the implications of letting IPX through. Should
> this traffic be filtered in any way ? If it makes any difference, and I'm
> not at all convinced it does, our plan will be to run it through modems
> and/or ISDN. I guess that will have to go through some sort of Terminal
> Server. I suppose if we do let IPX through like this, then we could
> effectively use the Internet as our connection medium for an IPX based
> VPN?? Actually, thinking on .. we plan to connect our LANs between this
> site and our new one using Kilostream links. We'll use ISDN as a backup.
> I think there are thoughts about using a product by Novell - I forget its
> name. I suspect that won't combine with the firewall too well. So my
> idea would be to firewall the lot and, as I say, tunnel the IPX through
> it.
>
> Any comments ?
> Thanks .. Danny
>