Great Circle Associates Firewalls
(June 1997)
 


Subject: Re: why this should not work a gateway/proxy/firewall ???
From: tzeruch @ ceddec . com
Date: Thu, 26 Jun 1997 15:12:37 -0400
To: Alexandre CHERIF <Alexandre . Cherif @ videopole . fr>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <19970626131429913 . AAA229 @ SMTP . VIDEOPOLE . fr>

Check out IP Masquerading in the Linux kernel.  It does work and quite
well in most cases.  Fun things happen with things like quake that allow
only one session per IP address (hint: use IP Aliasing), or (again quake)
use one message to initiate a second connection (so you have to create a
second connection based on information buried in the first - this also
happens in FTP).

So it isn't always trivial, but it has been done and works well.

On Thu, 26 Jun 1997, Alexandre CHERIF wrote:

> Why does nobody think to get the message sent from the host to the gateway
> (like a router), take the packet, rewrite its address with the gateway's
> own, send the packet to the remote host, open a fake server (depending on
> the tcp, udp, icmp source packet) and then, when the remote host sends its
> response, rewrite the end-user address as its destination??
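
Added example (not part of the original message and not the Linux masquerading code): a toy Python model of the address rewriting discussed in this thread, including the FTP case where the PORT command buried in the first connection must be rewritten and a mapping for the second connection created in advance. The class and method names and the port pool starting at 61000 are assumptions made for illustration.

```python
import re

# Matches the FTP active-mode command "PORT h1,h2,h3,h4,p1,p2".
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

class Masquerader:
    """Toy model of a masquerading gateway's translation table."""

    def __init__(self, gateway_ip, first_port=61000):
        self.gateway_ip = gateway_ip
        self.next_port = first_port      # assumed start of the gateway's port pool
        self.out = {}    # (proto, inside_ip, inside_port) -> gateway port
        self.back = {}   # (proto, gateway_port) -> (inside_ip, inside_port)

    def map(self, proto, ip, port):
        key = (proto, ip, port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (ip, port)
            self.next_port += 1
        return self.out[key]

    def outbound(self, proto, src_ip, src_port, dst_port, payload=b""):
        """Rewrite the source of a packet leaving the inside network."""
        gw_port = self.map(proto, src_ip, src_port)
        if proto == "tcp" and dst_port == 21:        # FTP control channel
            payload = self.fix_ftp(src_ip, payload)
        return self.gateway_ip, gw_port, payload

    def inbound(self, proto, dst_port):
        """Inside (ip, port) for a packet arriving at the gateway, or None."""
        return self.back.get((proto, dst_port))

    def fix_ftp(self, src_ip, payload):
        """Rewrite a PORT command and pre-create the data-connection mapping."""
        m = PORT_RE.match(payload)
        if not m:
            return payload
        nums = [int(g) for g in m.groups()]
        ip = ".".join(map(str, nums[:4]))
        # Only honour a PORT that names the sender itself; anything else would
        # let one inside host open a hole to a different inside host.
        if max(nums) > 255 or ip != src_ip:
            return payload
        gw_port = self.map("tcp", ip, nums[4] * 256 + nums[5])
        addr = self.gateway_ip.replace(".", ",").encode()
        return b"PORT %s,%d,%d\r\n" % (addr, gw_port >> 8, gw_port & 0xFF)
```

A real gateway also has to adjust TCP sequence numbers when the rewritten PORT line changes length; this model leaves that out.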


