RE: [fw-wiz] OSPF on Firewall

From: Carroll, Shawn (SCarroll_at_chittenden.com)
Date: 12/17/03

  • Next message: George Capehart: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"
    To: "Melson, Paul" <PMelson@sequoianet.com>, "Shimon Silberschlag" <shimons@bll.co.il>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 17 Dec 2003 17:16:36 -0500
    
    

    > That depends on the firewall. If you implement a bridging
    > firewall, then there should be no reason the routers need to
    > know that anything has changed.

    OpenBSD on a Pentium-100 is something I've done myself. Two nics, no IP addresses necessary on either interface. BRIDGES the packets from one machine to the next, so therefore is not another hop, and is transparent, except for picking off the packets you don't like, based on TCP/IP addresses/ports or other criteria you define. Think "packet-filtering bridge", FAQs on the web.

    > If inserting the firewall changes the path, then the obvious
    > solution is to have the firewall use OSPF also (assuming it's
    > supported). I don't want to say "no other way," but it does
    > make sense.
    >
    > PaulM
    >
    > -----Original Message-----
    > Lets say that I have two routers (on an internal network)
    > that talk OSPF
    > between them.
    >
    > Now I have to insert a firewall in-between the two routers.
    >
    > I am led to believe (by the Communications people I work
    > with) that there is
    > no other option but to install OSPF on the firewall, which
    > doesn't make me
    > feel easy about the solution.
    >
    > Is it true that there is no other way around this problem?
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: George Capehart: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"

    Relevant Pages

    • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
      ... I've seen several other posts where people make use of browser exploits to trick the browser into submitting a form to the router/firewall, and if the router has the default password, the attacker can then configure the firewall any way they want. ... With FTP the client connect to the server, then at the start of a file transfer the client tells the server what port to connect to on the client. ... virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. ...
      (Firewall-Wizards)
    • RE: [fw-wiz] OSPF on Firewall
      ... Being a dynamic routing protocol, I'm assuming you want to pass OSPF ... Cisco routers, you can use the "neighbor" command within OSPF ... From the firewall perspective, you would need to allow OSPF traffic to ...
      (Firewall-Wizards)
    • Re: Misconceptions
      ... I admit Firewalls and Routers aren't the exact same thing (of ... Personal Firewall, I wonder if that program is any good? ... > handled by anti-virus programs, which should be on ... > A NIDS is just that. ...
      (comp.security.firewalls)
    • Re: Hardware, software or both?
      ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ...
      (comp.security.firewalls)
    • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
      ... the attacker can then configure the ... transfer the client tells the server what port to connect to on the client. ... A 'helpful' firewall will watch for this message and reconfigure itself to ... routers that automatically block it to the outside world. ...
      (Firewall-Wizards)