Firewall Wizards mailing list archives
RE: Newbie question - IP routing through a firewall
From: Peter Mayne <Peter.Mayne () digital com>
Date: Tue, 2 Jun 1998 14:00:31 +1000
The AltaVista Firewall for UNIX has packet-forwarding enabled by default. There are (at least) two reasons for this.

1) screend is used to block all packet forwarding (by default). This provides better logging of attempts to route packets through the firewall than turning off routing altogether.

2) If you *do* need to route packets from one side to the other (for instance, awkward things like DCOM/RPC or rsh tend not to be proxyable), it's easy to do. If you don't have packet forwarding and you don't have a proxy, what do you do?

PJDM
----
Peter Mayne, Digital Equipment Corporation (Australia), Canberra, ACT
These are my opinions, and have nothing to do with Digital.
"Forgive my long delay in writing, but I have been simply overwhelmed with work." - Letter from Miss Mina Murray to Miss Lucy Westenra; Dracula, Bram Stoker

-----Original Message-----
From: Kjell Wooding
Sent: Tuesday, June 02, 1998 1:21 AM
To: firewall-wizards () nfr net
Subject: Re: Newbie question - IP routing through a firewall

>> I've read you shouldn't have IP Routing enabled in the firewall, that's

> That's dependant on the type of firewall, packet-level (yep) or application level (nope).

Hm? Seems to me you should have IP forwarding DISabled, and the firewall should be responsible for forwarding all traffic (Even in a packet filtering environment).

If the kernel can forward packets across interfaces, you're asking for trouble. (Firewall gets disabled or otherwise, OS happily forwards ALL packets. Not the situation you want to see)

-kj
--
Kjell Wooding <kwooding () codetalker com>
Codetalker Communications, Inc.
http://www.codetalker.com/
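
The trade-off argued in this thread, as an added example that is not part of either message: a shell function that classifies a host's forwarding posture from the kernel forwarding flag and the packet filter's forward rules. Linux with iptables is an assumption made here (the thread itself discusses screend on the AltaVista Firewall for UNIX); the function name and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a forwarding posture from two inputs.
#   $1 = contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
#   $2 = output of `iptables -S FORWARD`
# Taking strings rather than reading the live system keeps it testable offline.
forwarding_posture() {
    fp_flag="$1"
    fp_rules="$2"

    # Kernel forwarding off: nothing crosses interfaces without a proxy.
    if [ "$fp_flag" != "1" ]; then
        echo "forwarding-off"
        return 0
    fi

    # Chain policy is reported as "-P FORWARD <target>".
    fp_policy=$(printf '%s\n' "$fp_rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }')

    # Forwarding on with no default-deny (or an unconditional ACCEPT rule)
    # is the case where the OS forwards everything.
    if [ "$fp_policy" != "DROP" ] ||
       printf '%s\n' "$fp_rules" | grep -Fqx -- '-A FORWARD -j ACCEPT'; then
        echo "fail-open"
        return 0
    fi

    # Default-deny in place: is there a LOG rule recording blocked attempts?
    if printf '%s\n' "$fp_rules" | grep -Eq -- '-j (LOG|NFLOG)( |$)'; then
        echo "default-deny-logged"
    else
        echo "default-deny-unlogged"
    fi
}

# Constructed sample rule sets (not taken from any real host).
SAMPLE_FLUSHED='-P FORWARD ACCEPT'
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -s 192.0.2.0/24 -d 198.51.100.10/32 -p tcp --dport 514 -j ACCEPT
-A FORWARD -j LOG --log-prefix "fwd-deny: "'

echo "filter flushed, forwarding on:  $(forwarding_posture 1 "$SAMPLE_FLUSHED")"
echo "filter loaded, forwarding on:   $(forwarding_posture 1 "$SAMPLE_FILTERED")"
echo "filter flushed, forwarding off: $(forwarding_posture 0 "$SAMPLE_FLUSHED")"
```

On a live Linux host the two inputs would come from `cat /proc/sys/net/ipv4/ip_forward` and, as root, `iptables -S FORWARD`.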