from the quill of "Mark Horn [ Net Ops ]" <mhorn@funb.com> on scroll <199604051418.JAA09872@funws302.capmark.funb.com>
> I don't think that's a very workable solution. How do you enforce that
> routed will listen on the internal interface only? What if your firewall
> employs a Bastion host with only one interface?
In my example I assumed a dual-homed bastion with the model of a trusted
(more or less) and an untrusted (i.e. the Internet) side. You can have the
bastion only accept routing updates from the trusted side by blocking
routing from the untrusted side with a filter (either on or in front of the
bastion - on the untrusted side).
b.
--
Brian J. Murrell                   Brian_Murrell@bctel.net
BCTel Advanced Communications      brian@ilinx.com
Vancouver, B.C.                    brian@wimsey.com
604 454 5279
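
The filter described in the reply above, modelled as an added example that is not part of the original message: routing updates are accepted only when they arrive on the trusted interface of a dual-homed bastion. The interface names `inside0` and `outside0` and the sample datagrams are constructed assumptions; the example also assumes the routing protocol is RIP on UDP port 520, as spoken by routed.

```python
import struct
from dataclasses import dataclass

RIP_PORT = 520                # RIP, the protocol routed speaks, uses UDP port 520
TRUSTED_IFACES = {"inside0"}  # assumption: name of the bastion's trusted-side interface

@dataclass(frozen=True)
class Datagram:
    iface: str      # interface the datagram arrived on
    proto: str      # "udp" or "tcp"
    dport: int      # destination port
    payload: bytes

def rip_header(payload):
    """Return (command, version), or None if the payload is too short for RIP."""
    if len(payload) < 4:
        return None
    command, version, _unused = struct.unpack("!BBH", payload[:4])
    return command, version

def verdict(d):
    """Decide what the filter does with one inbound datagram."""
    if d.proto != "udp" or d.dport != RIP_PORT:
        return "not-routing"          # left to the rest of the rule set
    if d.iface not in TRUSTED_IFACES:
        return "drop"                 # routing from the untrusted side is blocked
    hdr = rip_header(d.payload)
    if hdr is None or hdr[0] not in (1, 2) or hdr[1] not in (1, 2):
        return "drop"                 # not a well-formed RIP request/response
    return "accept"

def sample_datagrams():
    """Constructed test traffic: one RIPv1 response advertising 10.0.0.0, metric 1."""
    entry = struct.pack("!HH4s8xI", 2, 0, bytes([10, 0, 0, 0]), 1)
    rip = struct.pack("!BBH", 2, 1, 0) + entry
    return [
        Datagram("inside0", "udp", RIP_PORT, rip),          # trusted side
        Datagram("outside0", "udp", RIP_PORT, rip),         # untrusted side
        Datagram("inside0", "udp", RIP_PORT, b"\x09\x01"),  # truncated payload
        Datagram("outside0", "tcp", 25, b"HELO"),           # unrelated traffic
    ]

if __name__ == "__main__":
    for d in sample_datagrams():
        print(f"{d.iface:9} {d.proto}/{d.dport:<4} -> {verdict(d)}")
```
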