
Three ported/NIC'd firewall.
I discussed the possibility of using a single system with 3 NICs with Jens Hellmerichs-Friedrich
(of FCT):

http://www.fen.baynet.de/~ft114/FCT/index.htm

and he seemed to think that this would be as "secure" if set up properly
as putting together two systems with two NICs apiece.  He felt the
assistance of a rule generator such as FCT would be key to making a
complex system such as a three-ported router something which could be
configured routinely without "pulling your hair out".

Below see examples of two vs three ported packet filters:

Firewall Architecture = screened subnet:

Two two-ported packet filters vs.

----------  inet
   a	     |
   a	     |
 S a	     |  
 u :    pipeline50 aaa.bb.cc.1
 b b	     |
 n b	     |
 e :	    HUB-----my regular hosts that I'm using to type this email.
 t c         |
   c	     |
   :         |
   0     _____________
        |aaa.bb.cc.8  |	  
        |             |
________| pacfil-a    |
        |             |
        |aaa.bb.cc.129|
   a	 ------------- 
   a         |
 S a	     |
 u :	     |	       _____________ 
 b b	     |	      |             |
 n b	    HUB-------|   bast-1    |
 e :	     |	      |aaa.bb.cc.130|
 t c	     |	      |_____________|
   c	     |	       
   :    _______________
   1   | aaa.bb.cc.131 |	  
   2   |               |
   8   |  pacfil-b     |
-------|	       |
  1    | 192.168.1.1   |
  9      -------------- 
I 2 	      |
N :  	      |
T 1	      |
E 6	 --------------  
R 8	|	       |
N :	|  test host   |
A 1	| 	       |
L :	| 192.168.1.2  |
  0	|______________|
N
E
T


One three-ported packet filter.

-------    inet
   a	     |
   a	     |
 S a	     |  
 u :    pipeline50 aaa.bb.cc.1
 b b	     |
 n b	     |
 e :	    HUB-----my regular hosts that I'm using to type this email.
 t c         |
   c	     |
   :         |
   0         ---------
       	     	     |
             	     |
_______    -----------------------
          |     aaa.bb.cc.8       |
   a	  |   			  |
   a      |    			  |
 S a	  |    			  |
 u :	  |    	                  |               _____________ 
 b b	  |    	                  |              |             |
 n b	  |         aaa.bb.cc.129 |----HUB-------|   bast-1    |
 e :	  |    	                  |              |aaa.bb.cc.130|
 t c	  |    	                  |              |_____________|
   c	  |   Packet Filter &     |
   :      |   Masquerade System	  |
   1      |			  |
   2      |                       |
   8      |			  |
	  |			  |
	  |     192.168.1.1	  |
-------    -----------------------			  
  1      	    |
I 2 	            |
N :  	            |
T 1	            |
E 6	      --------------  
R 8	     |	            |
N :	     |  test host   |
A 1	     | 	            |
L :	     | 192.168.1.2  |
  0	     |______________|
N
E
T
	Henry Hollenberg     speed@barney.iamerica.net 
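Added example (not from the post, and not FCT's code): a small Python model of the forwarding policy the three-ported diagram implies. It makes concrete the bookkeeping a single three-NIC box forces on you and that a rule generator is meant to take over: every ordered pair of interfaces needs an explicit decision, and each interface needs its own anti-spoofing check, because the same kernel now sees the Internet, the screened subnet and the internal net at once. The post writes the public addresses as aaa.bb.cc.x; the RFC 5737 documentation range 203.0.113.0/24 stands in for them here, with .8 and .129 on the filter and .130 on bast-1 as in the drawing. Interface names, the published bastion services and the zone-to-zone policy itself are assumptions.

```python
"""Zone-based forwarding policy for a single three-NIC screened-subnet firewall.

Constructed example. 203.0.113.0/24 stands in for the post's aaa.bb.cc.0/24;
interface names, published services and the policy matrix are assumptions.
Traffic addressed to the filter itself and the masquerade state table (which
lets replies to masqueraded connections back in) are out of scope.
"""
from dataclasses import dataclass
import ipaddress

# Which zone each NIC faces (assumed interface names).
ZONE_OF_IFACE = {"eth0": "inet", "eth1": "dmz", "eth2": "internal"}

# The network behind each inside-facing NIC. A packet arriving on that NIC
# must carry a source inside its network; anything else is spoofed.
NET_OF_ZONE = {
    "dmz": ipaddress.ip_network("203.0.113.128/25"),      # aaa.bb.cc.128 subnet
    "internal": ipaddress.ip_network("192.168.1.0/24"),   # test host = .2
}
# Sources that must never arrive from the Internet side: our own prefixes.
OUR_NETS = [ipaddress.ip_network("203.0.113.0/24"), NET_OF_ZONE["internal"]]

MASQ_ADDR = ipaddress.ip_address("203.0.113.8")      # filter's aaa.bb.cc.8 side
BASTION = ipaddress.ip_address("203.0.113.130")      # bast-1, aaa.bb.cc.130
BASTION_SERVICES = {("tcp", 25), ("tcp", 80)}        # assumed published services

# Decision for every ordered (ingress zone, egress zone) pair. Pairs missing
# here (including same-zone) fall through to DROP, so forgetting a pair fails
# closed rather than open.
POLICY = {
    ("internal", "inet"): "masq",       # internal hosts go out NATed to MASQ_ADDR
    ("internal", "dmz"): "accept",      # inside may reach the screened subnet
    ("dmz", "inet"): "accept",          # bastion may talk out (DNS, SMTP, ...)
    ("inet", "dmz"): "bastion",         # Internet reaches bast-1's services only
    ("inet", "internal"): "drop",       # never directly into the internal net
    ("dmz", "internal"): "drop",        # a compromised bastion gets no further
}


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str
    dport: int


def zone_of_dst(dst):
    """Egress zone is decided by the destination prefix, as routing would."""
    addr = ipaddress.ip_address(dst)
    for zone, net in NET_OF_ZONE.items():
        if addr in net:
            return zone
    return "inet"


def spoofed(zone, src):
    """Per-interface source check: the first thing a multi-homed filter needs."""
    addr = ipaddress.ip_address(src)
    if zone == "inet":
        return any(addr in net for net in OUR_NETS)
    return addr not in NET_OF_ZONE[zone]


def decide(pkt):
    """Return (verdict, rewritten source or None) for a packet to be forwarded."""
    in_zone = ZONE_OF_IFACE.get(pkt.in_iface)
    if in_zone is None or spoofed(in_zone, pkt.src):
        return ("DROP", None)
    action = POLICY.get((in_zone, zone_of_dst(pkt.dst)), "drop")
    if action == "accept":
        return ("ACCEPT", None)
    if action == "masq":
        return ("ACCEPT", str(MASQ_ADDR))
    if action == "bastion":
        ok = ipaddress.ip_address(pkt.dst) == BASTION and (pkt.proto, pkt.dport) in BASTION_SERVICES
        return ("ACCEPT", None) if ok else ("DROP", None)
    return ("DROP", None)


if __name__ == "__main__":
    # Constructed sample traffic, one line per interesting case.
    samples = [
        Packet("eth2", "192.168.1.2", "198.51.100.10", "tcp", 80),    # inside -> inet, masqueraded
        Packet("eth0", "198.51.100.10", "203.0.113.130", "tcp", 25),  # inet -> bastion SMTP
        Packet("eth0", "198.51.100.10", "203.0.113.130", "tcp", 22),  # inet -> bastion, unpublished
        Packet("eth1", "203.0.113.130", "192.168.1.2", "tcp", 80),    # bastion -> inside, blocked
        Packet("eth0", "192.168.1.9", "203.0.113.130", "tcp", 25),    # spoofed internal source
    ]
    for p in samples:
        print(f"{p.in_iface} {p.src} -> {p.dst} {p.proto}/{p.dport}: {decide(p)}")
```

The point of the matrix is that on two separate two-NIC boxes the `inet -> internal` and `dmz -> internal` rows do not need writing: the outer filter never has an internal interface to forward onto. On one three-NIC box they are real forwarding paths, and only an explicit rule (or a fail-closed default, as here) keeps them shut.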