[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: clarification on rfc-1597 addresses and transparent proxies
From: Paul Ferguson <pferguso () cisco ! com>
Date: 1995-11-10 6:20:28
[Download RAW message or body]
Apologies if this has already been suggested, but have you taken a look
at http://www.translation.com?
- paul
At 07:22 AM 11/9/95 -0700, Dieter Dworkin Muller wrote:
>
>I wrote:
>: However, my user community needs to be
>: able to do things like ftp and telnet from their desks.
>
>In writing that, I left out the important bits, aka the implementation
>requirements:
>
>- I'm not allowed to modify what software they run
>- it has to be completely transparent
>- isolate us from having to change network addresses
>
>Partly, it's a political restriction (``I won't change how I do
>things, therefore anything you do has to work with my existing tools
>without me seeing any difference''), and partly practical (I don't
>want to deal with trying to create proxy-aware dos, windows, nt, and
>os/2 applications for the non-standard things being done on our net).
>
>The address change requirement is because we are currently in the
>`swamp', as it is referred to by various major ISPs. They're
>threatening to stop routing single networks in that range, so we're
>looking at having to renumber soon. We'd rather do it once (to an
>ISP-provided net number), and not have to worry about it again if we
>ever change ISPs. Changing to an internal rfc-1597 network and an
>external-only ISP-provided network should give us the desired
>isolation -- no one internal will have to do anything if/when we
>change to a different ISP and ISP-provided network number.
>
>These restrictions are why I am looking at the (admittedly
>non-trivial) concept of virtual addresses and weird DNS.
>
--
Paul Ferguson || ||
Consulting Engineering || ||
Reston, Virginia USA |||| ||||
tel: +1.703.716.9538 ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com c i s c o S y s t e m s
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic