Great Circle Associates Firewalls
(March 1993)


Subject: Re: Firewalls and NFS -
From: smb @ research . att . com
Date: Tue, 23 Mar 93 10:27:42 EST
To: Marcus J Ranum <mjr @ TIS . COM>
Cc: wohler @ sap-ag . de, firewalls @ GreatCircle . COM

	 	A tunnelling router is a router that accepts traffic for a
	 network, then encapsulates it either in IP or some other protocol,
	 and sends it to another tunnelling router that de-encapsulates it
	 and injects it onto the network as if it got there normally. Part
	 of the encapsulation can consist of cryptography or whatever you
	 like. The advantage of tunnelling is that you can put a tunnel
	 on the *inside* of your firewall, and (depending on how your firewall
	 is set up) you can make remote networks you trust look like they
	 are local with a one-hop route.

Of course, that's also the *disadvantage* of tunnelling -- anyone who
can set up any sort of circuit between an internal and an external
point can open up IP access to the internal net.

I discussed some of this, albeit without using the word ``tunnel'', in a
Usenix paper a few years ago.  Anyone interested can snarf it from
