[vpn] help!!!
Sandy Harris
sandy at storm.ca
Thu Oct 25 15:33:44 EDT 2001
"TAN, Raymond" wrote:
> Why must there be two IP addresses for a firewall ? For a router also ?
> etc..etc....
Sounds like you need a good basic book on TCP/IP. I like Doug Comer's
stuff, but there are many others.
IP addresses are assigned to interfaces, not to machines. A gateway is a
host with two or more interfaces, and therefore with addresses on two or more
networks. It can then move packets between those nets.
Firewalls and routers are basically gateways with filtering.
> Also questions which often crop up like :
> 1. when I configure a router with network translation, what is actually
> " seen " by the outside world (internet) ? As the RFC private non routable
> addresses of the company are translated, is it just ONLY the firewall IP
> public address which is visible to the outside world ?
Yes, if things are working right, all non-routable addresses get translated.
> What if internal
> servers are accessible to the outside world and dispose of public IP
> addresses ? Are these IP addresses seen as is ? ie with their own publicly
> affected IP addresses to the outside world when they get through the company
> firewall to communicate with another server on internet or is it the address
> of the firewall which is systematically substituted to these addresses and
> therefore the only visible address seen by the outside world ?
You can set it up either way.
> 2. A router is itself a sort of firewall for IP filtering right ?.
Most routers can do packet filtering, so in that sense they are firewalls.
Many firewalls do additional things, like application-level proxying or
running intrusion detection software. Most routers are not capable of
these.
For details, try the Cheswick and Bellovin book.
> But
> a PC connected to a router where a software operates some sort of
> application filtering is also a firewall right ?
A PC can certainly do packet filtering and, with the right software,
other firewall things.
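
Added example, not part of the original message: a small Python model of a two-interface gateway doing source NAT, showing what the outside world sees when internal servers with public addresses are either passed through as is or hidden behind the firewall address. The class name, the `translate_public` switch, the port numbering and all addresses are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 private ranges, which are not routable on the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class NatGateway:
    """Hypothetical gateway: one inside and one outside interface, source NAT."""

    def __init__(self, outside_ip, translate_public=False, first_port=40000):
        self.outside_ip = outside_ip              # address of the outside interface
        self.translate_public = translate_public  # hide public inside hosts too?
        self.next_port = first_port
        self.table = {}      # (inside ip, inside port) -> outside port
        self.reverse = {}    # outside port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) source that the outside world sees."""
        if not is_rfc1918(src_ip) and not self.translate_public:
            return (src_ip, src_port)             # public host passes as is
        key = (src_ip, src_port)
        if key not in self.table:                 # new flow: allocate a mapping
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return (self.outside_ip, self.table[key])

    def inbound(self, dst_port):
        """Map a reply arriving at the outside address back to the inside host."""
        return self.reverse.get(dst_port)         # None: no mapping, drop it


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.0/24 is a documentation range.
    flows = [("192.168.1.10", 51000), ("10.2.3.4", 51000), ("203.0.113.25", 25)]
    for hide_all in (False, True):
        gw = NatGateway("203.0.113.1", translate_public=hide_all)
        print("translate_public =", hide_all)
        for src in flows:
            print("  inside", src, "-> seen outside as", gw.outbound(*src))
```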