Great Circle Associates Firewalls
(March 1997)
 


Subject: RE: plug-gw and tis and ipfs
From: Rick Murphy <rick @ tis . com>
Date: Mon, 10 Mar 1997 11:05:47 -0500
To: jungjun <cloud @ kexin . co . kr>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <XFMail . 970309111028 . kempster @ pop . net>
References: <33203BAB . 89D @ kexin . co . kr>

It's interesting that nobody yet has figured out what your problem
is. The real problem is that you're trying to plug from outside to
inside - that's OK - however, all you need is to set up the plug-gw
*and change the outside host to connect to the firewall*. That's what's
missing - since your outside host is still trying to connect to the
inside host, it's being denied by the forwarding rules. 

You can solve your problem easily by using the packet filter editor
to add an "absorb" rule that absorbs connections from the outside toward
the inside - this will permit the proxy to see the real destination and
avoid the forward deny. Gauntlet permits transparent connections by default
only from the inside toward the outside; enabling transparency inbound
does not compromise the security of the firewall. 
	-Rick


