Great Circle Associates Firewalls
(March 1996)

Subject: Re: Firewalls: NT versus UNIX
From: Michael Dillon <michael @ memra . com>
Organization: Memra Software Inc. - Internet consulting
Date: Mon, 11 Mar 1996 20:42:11 -0800 (PST)
To: Jay Tingiris <jtingiris @ gw . paradyne . com>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <s144828a . 089 @ gw . paradyne . com>

On Mon, 11 Mar 1996, Jay Tingiris wrote:

> Low Cost Firewall:  $2,000 US (hardware/software included)

I note that labor costs are not included ;-)

> 1) TCP/IP filtering mechanism that allows for priority queuing 

FreeBSD

> 2) HTTP caching proxy support (internal and external)
> 3) FTP caching proxy support (internal and external)
> 4) GOPHER caching proxy support (internal and external)

CERN (or W3) httpd http://www.w3.org/httpd

> 5) Telnet proxy support  (internal and external)
> 6) SMTP secured mail transport mechanism (inbound and outbound)

TIS Firewall toolkit ftp.tis.com

> 7) DNS Server Capability (forwarding, caching, and secondary support)

BIND (comes with FreeBSD)

> 8) HTTP Server Support for External/Internal WWW pages

Apache (http://www.apache.org) can easily do virtual domains so just give 
your host two IP addresses named www.your.org and inhouse.your.org

> 9) MBONE tunnel endpoint (secure internal broadcast)

FreeBSD can do MBONE, not sure about secure internal broadcast but I 
suspect the ipfw packet filtering (man ipfw) will deal with that.

> 10) IRC Client and Server support (internal and external)

Internal is easily handled by ipfw packet filtering. It's probably a bad 
idea to access external IRC networks through the firewall. In any case,
you don't need to run an IRC server to access the global IRC nets.

> 11) WAIS caching proxy support (internal and external)

????

> 12) POP mail support

Comes with FreeBSD (get Qualcomm popper from the ports collection)

> 13) Automatic Status reports and cache management features.

With PERL, you can do wonders!

> 14) ALL ON THE SAME MACHINE!

Not the best way to do things, but for somebody with a $2,000 budget this 
is likely the only choice. Note that I already have much of the above 
working on my home LAN which uses RFC1918 addresses and I think that for 
a home LAN or a small organization, this is a reasonable architecture.

> Internet services.  It must also be configurable to support raw port tunneling
> for other obscure services such as NFS or MBONE.

NFS? I was under the impression that NFS is not possible through 
a firewall in a secure manner.

You haven't mentioned weird stuff like RealAudio up there. If you need to 
open up UDP ports there is also a package called UDPrelay out there somewhere
that works similar to TIS fwtk plug-gw. 

Setting this up is not going to be simple, but if you have the time, it 
can be done.

Michael Dillon                                    Voice: +1-604-546-8022
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael @ memra . com


