has anyone any comments/info on using unix svr4 boxes as part of a firewall?
i'm planning on a traditional architecture...
         ether                   ether         64k leased line
internal--------ncr system 3000---------cisco-------------------real
net             unix svr4                                       world
                + wollongong win-tcp
turn off ip forwarding in the kernel, remove most of the tcp/udp services
on the host, block source routes on the cisco and set access lists to block
non-essential services, use the tis toolkit to let internal hosts get out
via proxy ftp/telnet, etc.
my main concerns are:

i've never heard even rumours of a bastion host running wollongong's
implementation of tcp/ip, is this because no one's tried or is it
because it isn't a good choice?

is the tis toolkit good on svr4? i've compiled it ok but haven't had
a chance to set up any real testing yet.

thanks for any help
john
--
john .
corb @
UnitedKingdom .
NCR .
COM +44 71 725 8837
it ain't no use turning on your light babe, i'm on the dark side of the road