RE: [fw-wiz] OSPF on Firewall

From: Ran Nahmias (rnahmias_at_earthlink.net)
Date: 12/17/03

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"
    To: "'Shimon Silberschlag'" <shimons@bll.co.il>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 17 Dec 2003 16:37:51 -0500
    
    

    Shimon,

    Most advanced firewalls will support "OSPF pass through". If you have only
    two routers, it's even fairly safe as you can open the pass through for the
    specific IPs of both routers.

    -ran

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Shimon
    Silberschlag
    Sent: Wednesday, December 17, 2003 3:02 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] OSPF on Firewall

    Lets say that I have two routers (on an internal network) that talk OSPF
    between them.

    Now I have to insert a firewall in-between the two routers.

    I am led to believe (by the Communications people I work with) that there is
    no other option but to install OSPF on the firewall, which doesn't make me
    feel easy about the solution.

    Is it true that there is no other way around this problem?

    TIA,

    Shimon Silberschlag

    +972-3-9351572
    +972-51-207130

    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Marcus J. Ranum: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"

    Relevant Pages

    • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
      ... I've seen several other posts where people make use of browser exploits to trick the browser into submitting a form to the router/firewall, and if the router has the default password, the attacker can then configure the firewall any way they want. ... With FTP the client connect to the server, then at the start of a file transfer the client tells the server what port to connect to on the client. ... virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. ...
      (Firewall-Wizards)
    • RE: [fw-wiz] OSPF on Firewall
      ... Being a dynamic routing protocol, I'm assuming you want to pass OSPF ... Cisco routers, you can use the "neighbor" command within OSPF ... From the firewall perspective, you would need to allow OSPF traffic to ...
      (Firewall-Wizards)
    • Re: Misconceptions
      ... I admit Firewalls and Routers aren't the exact same thing (of ... Personal Firewall, I wonder if that program is any good? ... > handled by anti-virus programs, which should be on ... > A NIDS is just that. ...
      (comp.security.firewalls)
    • Re: Hardware, software or both?
      ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ...
      (comp.security.firewalls)
    • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
      ... the attacker can then configure the ... transfer the client tells the server what port to connect to on the client. ... A 'helpful' firewall will watch for this message and reconfigure itself to ... routers that automatically block it to the outside world. ...
      (Firewall-Wizards)