Great Circle Associates Firewalls
(February 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Address translation
From: Ian Marr <im @ finsbury . co . uk>
Date: Wed, 15 Feb 1995 17:37:53 +0000 (GMT)
To: mrm @ alpharel . com (Mike Murphy)
Cc: firewalls @ greatcircle . com
In-reply-to: <9502151702 . AA20526 @ optisun17 . optigfx . com> from "Mike Murphy" at Feb 15, 95 09:02:04 am 
Mike Murphy writes:
> 
> I don't think the complexity of a dual proxy firewall is required. Here
> is a diagram of our network (give or take).
> 
> The Dirty Net is a registered class C. The inside nets, which happen to
> be registered, are not visible to the external world in any way except
> the NIC registration. There are no routes from the Internet or the
> Dirty Net to the Inside Nets.
> 
> Do you need anything more complicated than this?

   Yes, I think you do.

   OK so there aren't any routes or direct IP path in a single proxy
   solution but *routing* is still a problem. Your firewall's 
   default route *must* be external and it then follows that your
   internal network must be unique if you want to talk to them.
   
   Ian.
------------------------------------------------------------------------------
Ian Marr           Wingrove, 10 St Georges Road, Sevenoaks, KENT, TN13 3ND, UK
im @
 finsbury .
 co .
 uk                                              +44-732-453-577
Indexed By Date Previous: MODEMS - SOURCES OF INFORMATION
From: David Worthington <dave @ chadwyck . co . uk>
Next: Connecting to a pop mail server via firewall
From: "NORSE::SMALL_DO" <SMALL_DO%NORSE . decnet @ gate . hosp . ohio-state . edu>
Indexed By Thread Previous: Re: Address translation
From: Brent @ GreatCircle . COM (Brent Chapman)
Next: Re: Address translation
From: P . vanMossel @ telecom . ptt . nl
Google
 
Search Internet Search www.greatcircle.com