On Tue, 10 Apr 2001, ks Quah spewed into the ether:
> How does a bastion host work?
A bastion host is a specially hardened machine which is directly
exposed to the Internet. IT basically runs a minimal set of services
(which are themselves stripped down to minimal features). This will
have almost no local users (other than administrator/root, it should
have none). By setting services on such hosts (like email), mail can be
checked for safety (viruses, etc) before actually delivering it to the
final recepient server.
> Does all the traffic goes through it before going to the internet
> network??? what happened if some1 from the internel network wanna to
> surf the net... he have to pass the bastion host before going
> into the net?
Normally, yes, all traffic going outward from your internal network
must go through at least one bastion host before reaching the net.
All firewalls should be on bastion hosts, but not all bastion hosts
need be firewalls.
Devdas Bhagat
--
"It doesn't much signify whom one marries for one is sure to find out next
morning it was someone else."
-- Rogers
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
