Firewall Wizards mailing list archives

Re: stealth firewalls


From: "Volker Tanger" <volker.tanger () discon de>
Date: Fri, 18 Jan 2002 12:31:50 +0100

ark () eltex ru wrote:

> nuqneH,

HIqIm!   {{;-)

> VPN peers are not required to be visible from VPN itself.
>
> You can build a bridge that will take a packet from (bridging) interface 0 on
> machine A, encapsulate and encrypt it, send it via interface 1 to machine B's
> interface 1, that will decrypt it and send out via interface 0 on machine B,
> and vice versa.


Yes - but A1 and B1 have visible IP interfaces to the rest of the world between them - thus A and B are no longer stealth firewalls by definition? At least if using standard VPN like IPsec?

As for A0 and B0, yes, that part was understood. Albeit I prefer "proper" (i.e. normal) routing over bridging. Makes debugging network connections easier IMHO.

Bye
        Volker

--

Volker Tanger  <volker.tanger () discon de>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/
