Great Circle Associates Firewalls
(November 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: MBONE and Firewalls
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Sat, 26 Nov 1994 00:14:09 +1100 (EDT)
To: shawni @ llnl . gov (Shawn Instenes)
Cc: mcr @ milkyway . com, firewalls @ greatcircle . com
In-reply-to: <Pine . SUN . 3 . 90 . 941124141305 . 25315E-100000 @ dcsp . llnl . gov> from "Shawn Instenes" at Nov 24, 94 02:28:15 pm

> 
> On 24 Nov 1994, Michael Richardson wrote:
> >   From what I understand of the way that the mbone tunnels multicast
> > data through unicast routers, it should be possible to get mbone
> > traffic into your protected network if you can get a virtual circuit
> > between inside, and some mbone machine outside. 
> 
> I've done this.  Somewhere in the Firewalls archive you should find the 
> text I wrote about it after the topic was brought up in one of the 
> Firewalls BOFs.
> 
> >  Does mbone tunnelling encapsulate in UDP or TCP? I would assume the
> > former since it would be more efficient, but if TCP encapsulation
> > is implemented, then something like "proxy-telnet" (or equivalent), 
> > should be able to provide the required virtual circuit.
> 
> It's IP-within-IP (protocol 9, I believe).

Protocols 2 (igmp) & 4 are what I see on my tunnels.

I'm not sure that a proxy service, but worth a try :)



References:
Indexed By Date Previous: Re: MBONE and Firewalls
From: Shawn Instenes <shawni @ llnl . gov>
Next: Re: SUMMARY: Recommendations for Accesslists on Cisco?
From: Goran Svensson <goran @ btj . se>
Indexed By Thread Previous: Re: MBONE and Firewalls
From: Shawn Instenes <shawni @ llnl . gov>
Next: TIS fwtk and SWATCH - UnixWare porting issues
From: jimc @ e-Commerce . Com (Jim Carroll)

Google
 
Search Internet Search www.greatcircle.com