[vpn] help!!!

Sandy Harris sandy at storm.ca
Thu Oct 25 15:33:44 EDT 2001


"TAN, Raymond" wrote:

> Why must there be two IP addreses for a firewall ? For a routeur also ?
> etc..etc....

Sounds like you need a good basic book on TCP/IP. I like Doug Comer's
stuff, but there are many others.

IP addresses are assigned to interfaces, not to machines. A gateway ia a
host two or more interfaces, and therefore with addresses on two or more 
networks. It can then move packets between those nets.

Firewalls and routers are basically gateways with filtering. 

>         Also questions which often crop up like :
> 1.      when I configure a router with network translation, what is actually
> " seen " by the outside world (internet) ? As the RFC private non routable
> addresses of the company are translated, is it just ONLY the firewall IP
> public address which is visible to the outside world ?

Yes, if things are working right, all non-routable adreesses get translated.

> What if internal
> servers are accessible to the outside world and dispose of public IP
> adresses ? Are these IP adresses seen as is ? ie with their own publicly
> affected IP addresses to the outside world when they get through the company
> firewall to communicate with another server on internet or is it the address
> of the firewall which is systematically substituded to theses adresses and
> therefore the only visible address seen by the outside world ?

You can set it up either way.

> 2.      A routeur is itself a sort of firewall for IP filtering right ?.

Most routers can do packet filtering, so in that sense they are firewalls.

Many firewalls do additional things, like application-level proxying or
running inbtrusion detection software. Most routers are not capable of
these.

For details, try the Cheswick and Bellovin book.

> But
> a PC connected to a routeur where a software operates some sort of
> application filtering is also a firewall right ?

A PC can certainly do packet filtering and, with the right software,
other firewall things.

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list