Firewall Wizards
mailing list archives
Re: stealth firewalls
From: "Volker Tanger" <volker.tanger () discon de>
Date: Fri, 18 Jan 2002 12:31:50 +0100
ark () eltex ru wrote:

> nuqneH,

HIqIm! {{;-)

> VPN peers are not required to be visible from VPN itself.
> You can build a bridge that will take packet from (bridging) interface 0 on
> machine A, encapsulate and encrypt it, send it via interface 1 to machine B's
> interface 1, that will decrypt it and send out via interface 0 on machine B,
> and vice versa.

Yes - but A1 and B1 have visible IP interfaces to the rest of the world
between them - thus A and B are no longer stealth firewalls by
definition? At least if using standard VPN like IPsec?

As for A0 and B0, yes, that part was understood. Albeit I prefer
"proper" (i.e. normal) routing over bridging. Makes debugging network
connections easier IMHO.

Bye
Volker
--
Volker Tanger <volker.tanger () discon de>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards