Re: Firewalls

Mike Pelletier (mikep@comshare.com)
Tue, 3 Dec 1996 09:15:47 -0500 (EST)


On Mon, 2 Dec 1996, Bill Woodland (Squeek) wrote:

> Your admin should know how to do this...if he doesn't, send him to school.
> Some firewalls might use a slightly different syntax, but the gist of it is
> to allow UDP ports 7640-7652 to be passed through the firewall:
>
> permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7640
> permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7641
> .
> .
> .
> permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7651
> permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7652
>
> where xxx.xxx.xxx.xxx would be the broadcast address of your LAN.

See, I think your firewall may be designed to a different security model
than ours is. Ours is an application layer firewall. Packets from
internal machines are not routed to and from the Internet. If an internal
machine wants to do anything with the Internet, it talks directly to a
specific service on the internal-net ethernet card on the firewall
machine. Internal machines have no route out to the Internet.

What you're describing would work on a network-layer, packet-filtering
firewall, but that's not how we're set up here.

-Mike Pelletier.
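
The packet-filter rules quoted above, evaluated in a small Python model; this is an added example, not part of the original message or of any firewall product. It assumes the wildcard-mask reading of the quoted syntax (mask bits set to 1 are ignored), a first-match list with an implicit deny, and a constructed placeholder (192.0.2.255) for the elided xxx.xxx.xxx.xxx broadcast address.

```python
import ipaddress

def ip_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_rule(line):
    """Parse 'permit udp SRC SRC_WILDCARD DST DST_WILDCARD eq PORT'."""
    action, proto, src, src_wc, dst, dst_wc, op, port = line.split()
    if op != "eq":
        raise ValueError(f"unsupported operator: {op}")
    return {"action": action, "proto": proto,
            "src": ip_int(src), "src_wc": ip_int(src_wc),
            "dst": ip_int(dst), "dst_wc": ip_int(dst_wc),
            "port": int(port)}

def wildcard_match(addr, base, wildcard):
    # Assumption: wildcard bits set to 1 are "don't care" bits,
    # so 255.255.255.255 matches any address and 0.0.0.0 matches one host.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching rule, else 'deny'."""
    for r in rules:
        if (r["proto"] == proto and r["port"] == dport
                and wildcard_match(ip_int(src), r["src"], r["src_wc"])
                and wildcard_match(ip_int(dst), r["dst"], r["dst_wc"])):
            return r["action"]
    return "deny"  # assumption: implicit deny when nothing matches

# Constructed placeholder for the LAN broadcast address elided in the post.
LAN_BROADCAST = "192.0.2.255"

# One rule per port, 7640 through 7652, in the shape quoted in the message.
RULES = [
    parse_rule(f"permit udp 0.0.0.0 255.255.255.255 {LAN_BROADCAST} 0.0.0.0 eq {port}")
    for port in range(7640, 7653)
]

if __name__ == "__main__":
    # Constructed sample packets: (proto, source, destination, dest port).
    samples = [("udp", "203.0.113.9", LAN_BROADCAST, 7640),
               ("udp", "203.0.113.9", LAN_BROADCAST, 7653),
               ("udp", "203.0.113.9", "192.0.2.10", 7645),
               ("tcp", "203.0.113.9", LAN_BROADCAST, 7645)]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, *pkt))
```

The source wildcard of 255.255.255.255 means each rule matches UDP from any address, so the only restrictions are the destination address and the thirteen ports.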