Great Circle Associates Firewalls
(October 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Apple protocols through a firewall
From: "Stephen H. Goldstein" <steveg @ cseic . saic . com>
Date: Thu, 19 Oct 1995 10:56:21 -0400
To: Joshua Cole <jcole @ access . digex . net>
Cc: robert @ deakin . edu . au (Robert Ruge), firewalls @ GreatCircle . COM 
>> 
>> Has anyone got any ideas on how one would get Apple Ethertalk
>> protocols through a firewall setup or provide any compeling
>> reason why doing so would be an extremely bad idea?
>
>Well, for one thing, AppleTalk protocols over Ethernet are not IP, so
>IP firewalls will have no effect. If, however, you are encapsulating
>AppleTalk in IP, you will have to get a firewall or tunneling software
>that is smart enough to filter on specific AppleTalk services.
>
>You cannot, of course, filter on specific AppleTalk node addresses. Rather,
>you will have to filter out Networks, Zones or Name Binding Protocol names.
>
>For services, you will have to filter based on Datagram Delivery Protocol
>socket IDs. I'm not sure if there is a published list of these, but
>you may want to check out some of the Mac FTP archives like info-mac.
>
>I am not aware of any products that do any of this currently, but it's
>not an easy prospect.
>
>Good luck!
>
>--Joshua Cole
>  Communications Engineer
>  EDS
>
KarlNet of Columbus, Ohio (614)-263-5275  http://www.karlnet.com
Has a product called KarlBridge, which essentially is a PC with two 
Ethernet cards nicely packaged into a stackable filtering Ethernet Bridge
(Brouter software is optional) that can filter on AppleTalk, Novell, IP, 
and DECnet.

I've had an evaluation unit here in our lab for several weeks now.  
Overall I like the unit for its hardware simplicity and price/performance, 
though there are some kinks in the filter configuration GUI that could come
back to bite someone who doesn't configure and then *test* to ensure it's
behaving as intended - something you should do after setting up any
set of filter rules anyway. If you have a need to be filtering on these
protocols, it's certainly worth a look.

Standard Disclaimer:  Neither I nor SAIC are affiliated with KarlNet in any 
   way other than having this eval unit which we are now in the process of
purchasing for inclusion in our firewall / networking lab. 
   
---
Stephen Goldstein     steveg @
 cseic .
 saic .
 com
My first computer:    A 24K Atari 800, Rev. A ROMS, November 1980
       Disclaimer:    That's not what I said.
Indexed By Date Previous: Re[2]: NT Firewall
From: "Dave Druitt" <dave_druitt @ GWFX1 . sysorex . com>
Next: RE: ENCRYPTED DATA ACROSS NATIONAL BOUNDARIES???
From: gblolmxb @ ibmmail . com
Indexed By Thread Previous: Re: Apple protocols through a firewall -Reply
From: Paul Ferguson <pferguso @ cisco . com>
Next: Re: Apple protocols through a firewall -Reply -Reply
From: Wade Williams <wwilliams @ mail . state . tn . us>
Google
 
Search Internet Search www.greatcircle.com