[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Stealth firewall - Is possible under WIN2K?
You can also grab Lucent's Brick http://www.lucent.com/ins/products/vpnfirewall/ .
They can operate at layer two so you can stick them wherever you want and
they're totally transparent.
Rocky Stefano
Echelon Systems Inc.
[email protected]
www.echelonsystems.com
B
F
Cell
Cell Fax
Systems that
work...
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This
email may contain confidential and/or privileged information for the sole use of
the intended recipient. Any review or distribution by others is strictly
prohibited. If you have received this email in error, please contact the sender
and delete all copies. Opinions, conclusions or other information expressed or
contained in this email are not given or endorsed by the sender unless otherwise
affirmed independently by the
sender.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----Original
Message-----
From: [email protected]
[mailto:[email protected]]On
Behalf Of
Robert MacDonald
Sent: Monday, February 19, 2001 3:33 PM
To:
[email protected]; [email protected]
Subject: Re: [FW1]
Stealth firewall - Is possibile under win2k?
Stefano,
If
you truely mean between the router and the Internet(ISP),
than you can't do
that without somebody knowing. Firewalls
would need to make use of IP
addresses.
With that said, you could, however look into Sun's
Sunscreen.
I think they allow for a transparent fw.
If your looking to
slip a real firewall behind the router, then it
depends. How smart are the
people you want to fool?
If they have any network gray matter, you can't. If
your
looking to place the firewall in front of 'normal' users and
your the
only network administrator, not a problem.
I'll assume(ack) that the
internal clients are using the
IP address of the router (B1) as their next
hop in the
default route and you not using ip unnumbered on
the router(C1
= your ISP/public network)
Let's use the following. You've got to love
ASCII art - OK,
so you
don't.
Internal<-->[B1]router[C1]<-->Internet
You
could place the fw into your network with the address of
the routers internal
IP address (B1). Then give the internal
interface of the router a new network
IP address and add
an IP from the same network the external IP address of
the
fw.
Now it would look like this and you wouldn't need to
touch
the internal
systems.
Internal<-->[B1]fw[D1]<-->[D2]router[C1]<-->Internet
HTH.
Robert
(p.s.
A1 is a reserved network, not to be used in this example ;-)
-
-
Robert P. MacDonald
Global Infrastructure Group, Haworth, Inc.
Voice:
email: [email protected]
>>>
"[OmNiY2K]" <[email protected]> 02/15/01 03:02AM
>>>
>
>Hi to all,
>
>how can i configure
firewall-1 to being a stealth firewall on win2k? I need to
>put a firewall
between router and my internet network in a transparent way....so
>I can't
assign IP addr to two NIC of firewall....
>
>Bye,
Stefano
================================================================================
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
================================================================================
BEGIN:VCARD
VERSION:2.1
N:Stefano;Rocky
FN:Rocky Stefano
ORG:Echelon Systems Inc.
TITLE:President
TEL;WORK;VOICE:TEL;CELL;VOICE:TEL;PAGER;VOICE:TEL;WORK;FAX:ADR;WORK:;;101 Ridgeway Court;Maple;Ontario;L6A 2R5;Canada
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:101 Ridgeway Court=0D=0AMaple, Ontario L6A 2R5=0D=0ACanada
URL:
URL:http://www.echelonsystems.com
EMAIL;PREF;INTERNET:[email protected]
REV:20000809T045801Z
END:VCARD