Firewalls: ipx routing

Firewalls
(February 1996)

Indexed By Thread: [Previous] [Next]

Subject:	ipx routing
From:	"Lehrer, Neil" <nlehrer @ usia . gov>
Organization:	USIA
Date:	Wed, 7 Feb 96 11:19:33 -0500
To:	firewalls @ greatcircle . com
In-reply-to:	<0A1F09310136C8D1>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Subject: Re IPX routing

paul .
 carrol @
 medaphis .
 com offered up:

>I am about to setup a firewall for our Internet link.
>
>I have recently learned that we are bringing in an X.25 line from 
Compuserve.
>The line runs into a Compuserve box that resides here that we do NOT 
control.
>
>From the Compuserve box, a line runs into one of our router interfaces.
>
>Obviously, I want to firewall this link as well...
>It passes IPX and TCP/IP, and needs to do both.
>
>The problem I have is with IPX. We have decided on Raptor Eagle as our 
firewall.
>It will run on a SUN Sparc 20, and it will NOT pass IPX.
>
>Any suggestions?

Well .. not sure whether this works or not, but I'd be interested in 
comments
myself.  Is IPX critical for you ?

I ask because we're running IP and IPX on our LAN here, and I'm being 
pushed
to allow both across our firewalling mechanism.  Our Netware guy said to 
me the
other day that we needed IPX as some products actually require IPX in 
order
to work.  This sounds like snake oil to me - I'd have thought that the 
underlying
protocol - whether IP or IPX should make no difference whatsoever.  Any 
comments
on this ?  It's also been suggested to me that Novell/IP works by simply 
encapsulating IPX within an IP packet - this doesn't quite sound like 
full IP
to me.  Can anyone comment upon this ?  If we can move everything to IP, 
then
our problems potentially disappear here, and I needn't route IPX at all.  
Sound
easy to me from there (ish!).

I wonder Paul, whether you could do something along these lines ?  I 
wonder
everyone whether you all think I'm pouring snake oil around the place too 
? :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

it is true that some netware products use ipx/spx directly.  whether they 
would work properly, or at all, with netware/ip is something you would 
have to test (unfortunately).


Regards                                     


+++++++++++++++++++++++++++++++++++++++
+ Neil Lehrer                       
+ U.S. Information Agency         
+ Networks and Systems Support Division
+                                   
+ voice    202 619-0903             
+ fax      202 619-3883             
+ internet nlehrer @
 usia .
 gov         
+                                   
+ "oh what a tangled net we weave   
+  when we seek to retrieve."       
+                                  
+++++++++++++++++++++++++++++++++++++++

Indexed By Date	Previous:	Re: Survey From: "KM" <goertzek @ gateway . wangfed . com>
Indexed By Date	Next:	RE: NT's TCP/IP stack From: Scott Barman <scott @ Disclosure . COM>
Indexed By Thread	Previous:	Re: firewalls, email, and dns From: "Richard L. Snow" <rich @ aoainc . com>
Indexed By Thread	Next:	RE: ipx routing From: Craig McLellan <mclelcl @ onto . network . com>