RE: [fw-wiz] OSPF on Firewall

From: Carroll, Shawn (SCarroll_at_chittenden.com)
Date: 12/17/03

    To: "Melson, Paul" <PMelson@sequoianet.com>, "Shimon Silberschlag" <shimons@bll.co.il>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 17 Dec 2003 17:16:36 -0500
    
    

    > That depends on the firewall. If you implement a bridging
    > firewall, then there should be no reason the routers need to
    > know that anything has changed.

    OpenBSD on a Pentium-100 is something I've done myself. Two NICs, no IP addresses necessary on either interface. It BRIDGES the packets from one machine to the next, so therefore is not another hop, and is transparent, except for picking off the packets you don't like, based on TCP/IP addresses/ports or other criteria you define. Think "packet-filtering bridge", FAQs on the web.

    > If inserting the firewall changes the path, then the obvious
    > solution is to have the firewall use OSPF also (assuming it's
    > supported). I don't want to say "no other way," but it does
    > make sense.
    >
    > PaulM
    >
    > -----Original Message-----
    > Let's say that I have two routers (on an internal network)
    > that talk OSPF
    > between them.
    >
    > Now I have to insert a firewall in-between the two routers.
    >
    > I am led to believe (by the Communications people I work
    > with) that there is
    > no other option but to install OSPF on the firewall, which
    > doesn't make me
    > feel easy about the solution.
    >
    > Is it true that there is no other way around this problem?
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
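An added example, not part of the original message: a small Python model of why a filtering bridge is "not another hop" for OSPF, which sends its hellos to 224.0.0.5 with an IP TTL of 1. The addresses, the blocked-port policy and the function names are constructed for illustration, and the routed case models only the TTL decrement (header checksum is ignored).

```python
import struct

OSPF_PROTO = 89                      # IP protocol number for OSPF
BLOCKED_TCP_PORTS = {23, 135, 445}   # constructed sample policy

def ipv4(proto, src, dst, ttl, payload=b""):
    """Build a minimal IPv4 packet (checksum left zero; sample data only)."""
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, to_bytes(src), to_bytes(dst))
    return hdr + payload

def parse(pkt):
    """Return (ttl, protocol, tcp_dport or None) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto = pkt[8], pkt[9]
    dport = None
    if proto == 6 and len(pkt) >= ihl + 4:   # TCP: read destination port
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return ttl, proto, dport

def allowed(pkt):
    """Policy shared by both models: pass OSPF, pass TCP except blocked ports."""
    _, proto, dport = parse(pkt)
    if proto == OSPF_PROTO:
        return True
    return proto == 6 and dport not in BLOCKED_TCP_PORTS

def bridge_forward(pkt):
    """Filtering bridge: drop the packet or pass it untouched (TTL unchanged)."""
    return pkt if allowed(pkt) else None

def routed_forward(pkt):
    """Routing firewall: same policy, but it is an IP hop and decrements TTL."""
    if not allowed(pkt) or pkt[8] <= 1:
        return None                  # filtered, or TTL expired at this hop
    out = bytearray(pkt)
    out[8] -= 1
    return bytes(out)

# Constructed sample traffic between two routers on either side of the firewall.
HELLO = ipv4(OSPF_PROTO, "10.0.0.1", "224.0.0.5", ttl=1)
TELNET = ipv4(6, "10.0.0.1", "10.0.1.9", 64, struct.pack("!HH", 40000, 23))
SSH = ipv4(6, "10.0.0.1", "10.0.1.9", 64, struct.pack("!HH", 40000, 22))

if __name__ == "__main__":
    for name, pkt in (("hello", HELLO), ("telnet", TELNET), ("ssh", SSH)):
        print(name, "bridge:", bridge_forward(pkt) is not None,
              "routed:", routed_forward(pkt) is not None)
```

The OSPF hello survives the bridge byte for byte, so the routers' adjacency is unaffected, while the same packet never makes it across a firewall that acts as an IP hop.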

