Re: FW: Firewall Project
On Mon, Aug 21, 2000 at 11:57:53AM -0700, Brent Fulgham wrote:
> > > Can anyone comment on why Linux would be unsuitable for firewall use
> > > in this configuration?
> >
> > Can you explain what an `active' packet is?
> >
>
> That's my question as well. I can't find any reference to an "active"
> packet definition. Could he mean some kind of "keep-alive" configuration?

My guess (and it's only a guess) is that an 'active' packet (from the AS/400's point of view) is one sent down a connection that the AS/400 initiates, whilst a 'passive' packet is one sent down a connection initiated by the other end.

In some primitive firewalling schemes connections can only be initiated in one direction (typically, in the case of a corporate firewall, only outbound connections).

Needless to say, there is no 'limitation' of Linux in this respect --- a Linux firewall can be configured to forward and/or rewrite packets in any way desired.

Jules

--
Jules Bean | Any sufficiently advanced
[EMAIL PROTECTED] | technology is indistinguishable
[EMAIL PROTECTED] | from a perl script
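The one-direction scheme described in the message above, sketched as a toy connection-tracking filter (an added example, not part of the original thread). The network range, addresses, ports and class name are assumptions made up for the illustration; it shows why remote PCs connecting in to a host behind such a filter lose connectivity while connections the inside host opens keep working.

```python
# Added illustration: addresses, ports and names are constructed, not from the thread.
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # assumed protected network (the AS/400 side)

def inside(addr):
    return ip_address(addr) in INSIDE

class OutboundOnlyFilter:
    """Toy TCP filter: only the inside may open connections; replies are allowed."""

    def __init__(self):
        self.flows = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, src, sport, dst, dport, flags):
        opening = "S" in flags and "A" not in flags   # bare SYN starts a connection
        if inside(src) and not inside(dst):
            key = (src, sport, dst, dport)
            if opening:
                self.flows.add(key)                   # remember who initiated
                return "ACCEPT"
        elif inside(dst) and not inside(src):
            key = (dst, dport, src, sport)
            if opening:
                return "DROP"                         # outside may not initiate
        else:
            return "DROP"                             # does not cross the firewall
        verdict = "ACCEPT" if key in self.flows else "DROP"
        if "R" in flags:
            self.flows.discard(key)                   # reset tears the flow down
        return verdict

# Constructed trace: (src, sport, dst, dport, TCP flags)
TRACE = [
    ("10.0.0.5", 40000, "192.0.2.10", 23, "S"),    # inside opens a connection
    ("192.0.2.10", 23, "10.0.0.5", 40000, "SA"),   # reply on that connection
    ("10.0.0.5", 40000, "192.0.2.10", 23, "A"),
    ("192.0.2.20", 1025, "10.0.0.5", 23, "S"),     # remote PC tries to connect in
    ("10.0.0.5", 23, "192.0.2.20", 1025, "SA"),    # answer to an untracked flow
    ("192.0.2.10", 23, "10.0.0.5", 40000, "R"),    # reset ends the tracked flow
    ("10.0.0.5", 40000, "192.0.2.10", 23, "A"),    # late packet, flow is gone
]

def run(trace):
    fw = OutboundOnlyFilter()
    return [fw.check(*pkt) for pkt in trace]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run(TRACE)):
        print(verdict, pkt)
```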
Offtopic: Re: FW: Firewall Project
Offtopic, very much so. But the answer is, it's totally suitable... and commercial Linux based solutions exist, if they don't want to roll their own (for liability reasons, they might not). Try www.watchguard.com for one such answer.

Please follow up via email... this list is not the right forum for this.

Seth

The "technical" leadership at my wife's work are back-pedalling from using a Linux firewall between an AS/400 system and remotely-connected PC's based on the following argument:

> To all Network Administrators:
>
> Problem: AS/400 can only communicate with active packets to and from the
> client. Any type of passive packet exchange will result in a loss of
> connectivity and invoke a Winsock error.
>
> Solution: Use an active firewall scheme
>

This "active" firewall will most likely consist of a windows-based solution.

Can anyone comment on why Linux would be unsuitable for firewall use in this configuration?

Thanks,

-Brent
RE: FW: Firewall Project
> > Can anyone comment on why Linux would be unsuitable for firewall use
> > in this configuration?
>
> Can you explain what an `active' packet is?
>

That's my question as well. I can't find any reference to an "active" packet definition. Could he mean some kind of "keep-alive" configuration?

Or is it some weird AS/400 thing?

-Brent
Re: FW: Firewall Project
On Mon, Aug 21, 2000 at 11:51:00AM -0700, Brent Fulgham wrote:
> The "technical" leadership at my wife's work are back-pedalling from
> using a Linux firewall between an AS/400 system and remotely-connected
> PC's based on the following argument:
>
> > To all Network Administrators:
> >
> > Problem: AS/400 can only communicate with active packets to and from the
> > client. Any type of passive packet exchange will result in a loss of
> > connectivity and invoke a Winsock error.
> >
> > Solution: Use an active firewall scheme
> >
>
> This "active" firewall will most likely consist of a windows-based
> solution.
>
> Can anyone comment on why Linux would be unsuitable for firewall use
> in this configuration?

Can you explain what an `active' packet is?

Peace,
* Kurt Starsinic ([EMAIL PROTECTED]) -- Senior Network Engineer *
| `The term `Internet' has the meaning given that term in |
| section 230(f)(1) of the Communications Act of 1934.' |
| -- H.R. 3028, Trademark Cyberpiracy Prevention Act |
FW: Firewall Project
The "technical" leadership at my wife's work are back-pedalling from using a Linux firewall between an AS/400 system and remotely-connected PC's based on the following argument:

> To all Network Administrators:
>
> Problem: AS/400 can only communicate with active packets to and from the
> client. Any type of passive packet exchange will result in a loss of
> connectivity and invoke a Winsock error.
>
> Solution: Use an active firewall scheme
>

This "active" firewall will most likely consist of a windows-based solution.

Can anyone comment on why Linux would be unsuitable for firewall use in this configuration?

Thanks,

-Brent