If your hardware router is bridging only SPX/IPX & you want the SUN to
do the same. Why not put the xylogics on the internal net?
I do not see any advantage to it on the 'perimeter net', since you
want it to bridge the packets? Bridging is not going to do any packet
screening or authentication It will just forward the packets.
On the other hand, if the xylogics is doing IP & SPX/IPX, I can see
your problem in not wanting to put it on your internal net. You could
add another router between the internal & perimeter net. Just
configure it to route or bridge IPX/SPX.
This keeps your IP going through your firewall & properly
authenticated. The SPX/IPX is not authenticated and routed or bridged
right on through.
Just a thought.
Tom Walker, Network Manager American College of Cardiology
______________________________ Reply Separator _________________________________
Subject: Firewall-1, unix routing, and IPX/SPX bridging
Author: david @
com (David Flinn) at Internet-Mail
Date: 4/14/ 0 2:37 PM
I've got a tricky question concerning using a Sun Netra with firewall-1
running on it and Novell's IPX/SPX. More generically, it addresses
the issue if any Unix box routing between two ethernet interfaces can
"bridge" IPX/SPX. Note the following picture:
18.104.22.168 Class C network
255.255.192.0 subnet mask
netcom.com ----- hardware ----(le0) netra (le1)---
router firewall-1 |
xylogics internal network
The scenario is that if an employee uses a dial up modem into
the xylogics terminal server and is using NovellRemote, the xylogics
will handle it and pump out IPX/SPX packets to the router. The router
can handle it, and bridges the packets out to the netra. Since
the netra is a TCP/IP router, I am 98% darn sure that the IPX/SPX
packets will not make it over to the internal network.
So ... is it possible to make this happen?
question (1) : Can a Sun (or any Unix box) with two ethernet interfaces
be made to bridge IPX/SPX packets?
If no, I guess we have to put the xylogics on the
inside of the firewall. Bummer.
If yes, what software products are required to make
question (2) : Now that we can "bridge" IPX/SPX across two ethernets,
will this still work if Firewall-1 is running on the
If Firewall-1 can't do it, how about TIS or Gauntlet?
Thanks for your time, consideration, and thoughts,