Date: Tue, 12 Mar 2002 16:07:51 +1100 From: "Murray Taylor" <murraytaylor@bytecraftsystems.com> To: <freebsd-hackers@freebsd.org> Subject: Firewall and mpd Message-ID: <000801c1c983$dc122540$2a7627cb@MJTDEVNULL>
next in thread | raw e-mail | index | archive | help
(hopefully this is not too mangled by M$. It should display ok in fixed
width fonts)
Proposed firewall structure
We are proposing to augment our firewalling as follows
and I would like advice on how to (re)setup our MPD
installation.
I see two options
(a) put MPD on the bastion host and allow the GRE packets through
to it via the RED network, and then allow the authenticated TCP
packets from it through to the GREEN network.
(b) place a GIF tunnel on the bastion host and forward the GRE
packets on towarwds the GREEN network that way.
I have never used gif yet and am looking to those who have been
here before as to the most appropriate method.
INTERNET
|
GRE |
(pptp) |
| |
v | a...1
+---------------------+ +-----------------------+
| | | |
| Bastion host | | Access Router |
| | | |
| | | |
| MPD or gif tunnel | | |
| ? | | |
+---------------------+ +-----------------------+
| x...1 | x...126
TCP | ^ GRE |
| | | | |
v | GRE <-GRE v | RED
=============================================================
TCP-> TCP |
| |
v |
| x...32
+-----------------------+
| |
| Choke router |
| |
| |
| MPD here if gif? |
| |
+-----------------------+
| y...32
|
| GREEN
=============================================================
Murray Taylor -- Special Projects Engineer
Bytecraft Systems P/L
+61 3 8710 2555 phone +61 3 8710 2599 fax
www.bytecraftsystems.com www.bytecraftentertainment.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000801c1c983$dc122540$2a7627cb>