"Antonio Vasconcelos" <antonio_vasconcelos @
q950 .
bvl .
pt> wrote
>...
>When a user from the internal net is telneting or ftping to an outside
>host it must present an legal address from our oficial class C network
>not the stuff we use inside, the reverse must be done too in order to
>receive the replies.
>
>So, the firewall must do; first the filtering stuff, then it must
>rebuild the
>packet in order to change (eg) 192.168.129.1 to 194.104.35.45, and do
>the
>reverse ONLY if the incamming packet is a reply. There will be an
>one-to-one
>relation between the official addresses and the private addresses.
>
>I've never saw this kind of software, but I'm sure it must existe.
You're right to be sure. Isn't it exactly what proxy and application
gateways do?
An internal node connects to the firewall. The firewall sends a request
from the inside on a different connection to the outside. A reply is
translated back to the internal connection and send to the originator
on the internal net.
Thus the firewall hides all the addresses on the internal net.
Paul.
---------------------------------------------------------------------
drs. Paul van Mossel | Telephone : +31 50 852238
PTT Telecom BV | Telefax : +31 50 852240
I&AT | E-mail : P .
vanMossel @
telecom .
ptt .
nl
P.O. Box 188 | DISCLAIMER: This statement is not an official
NL-9700 AD Groningen | statement from, nor does it represent an,
The Netherlands | official position of, PTT Telecom B.V.
---------------------------------------------------------------------
X400 address: /c=NL/admd=400NET/prmd=PTT Telecom/s=van Mossel/I=P
---------------------------------------------------------------------
|
|
