Mark,
The magic would have to be supported by the IPX/IP device, of course. I
presumed that there would be a mechanism to define listening ports on the
gateway proxied to internal IPX servers. How that translation is handled
would be by maintaining an IP address/port to SPX session table, for
example. I have no idea if any of the current devices support this today,
but one would presume it's somehow possible.
NT, for example, supports multiple IP addresses on the same interface and
can distinguish between requests for service on the same port if supplied
with either a different IP address or a different DNS name, so the concept
of multiple listens to the same port is not new.
So, for example, through a SAP you could advertise that you are willing to
accept Telnet connections from the IPX/IP device, or the device could check
SAPs and match service name to inbound IP address/Port number, whatever...
Unless the devices support outbound requests only, which they do not as
they support Web Servers also, then you are allowing a mapping to occur
between an exposed IP/Port combination and an internal IPX/SPX server.
Since more services are generally desired beyond HTTP, the makers of these
devices are going to have to find a way to support as many services as
possible. Would you buy a firewall that only supported outbound
connections?
These vendors are out to sell to customers who do not want to implement IP
on the desktop, not companies who only want to have a web server and outbound
connections. And if the idea of a global IPX-based Internet is to come
about, then support of services is going to have to widen, which in turn
will bring my point more to the fore.
Besides, if I hijack the session outside of this firewall, then the
datastream is mine to determine, so I can send back whatever data I want
and the translation device will take care of getting it to the internal host.
So even on an outbound only device, it would still be possible for me to
put data back into the IPX network. An outbound-only TCP/IP-based firewall
presents the same benefits as an IPX-based one.
Cheers,
Russ