RE: BGP, TCP, & Firewalls [7:14286]

2001-08-01 Thread Michael Eckhoff
You need to clarify if you're running BGP on the firewall as well. If you are, quit it. If not, then your BGP peers will need to communicate through the firewall, so yes, you will need to allow them TCP access to each other. As for someone probing your firewall to see if you are doing BGP troug

Re: BGP, TCP, & Firewalls [7:14286]

2001-07-31 Thread John Abruzzese
Thanks Alan John - Original Message - From: "W. Alan Robertson" To: "John Abruzzese" ; Sent: Monday, July 30, 2001 6:21 PM Subject: Re: BGP, TCP, & Firewalls [7:14286] > John, > > Not to the best of my knowledge... The way I understand i

Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread John Neiberger
traffic will flow across this connection. Alan - Original Message - From: "John Abruzzese" To: "W. Alan Robertson" ; Sent: Tuesday, July 31, 2001 3:04 AM Subject: Re: BGP, TCP, & Firewalls [7:14286] > Alan, > > When trying to connect to a peer u

RE: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread Howard C. Berkowitz
Perhaps I'm being pedantic, but I think of a firewall as a multi-component system. The BGP should ideally be on its own router, or, as a second choice, on the external choke that connects to the DMZ. The proxy server/stateful inspection machine, etc., is connected to the DMZ, and then connect

RE: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread Chuck Larrieu
port 179, as someone else said. But if you are doing this through a firewall, you will also need a static NAT. You will also need an eBGP multihop configured for your eBGP neighbor, as will that neighbor to reach you (eBGP assumes the neighbors are on the same segment). I've actually never tried

Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread W. Alan Robertson
empts to connect to the other router on well-known port 179. All traffic will flow across this connection. Alan - Original Message - From: "John Abruzzese" To: "W. Alan Robertson" ; Sent: Tuesday, July 31, 2001 3:04 AM Subject: Re: BGP, TCP, & Firewalls [7:14286]

Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread John Abruzzese
rtson" To: Sent: Monday, July 30, 2001 4:53 PM Subject: Re: BGP, TCP, & Firewalls [7:14286] > Yes, you need to allow TCP port 179 outbound... This way, only your > internal BGP speaker will be allowed to initiate the connection, and > external probes inbound on 179 will fail

Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread W. Alan Robertson
Yes, you need to allow TCP port 179 outbound... This way, only your internal BGP speaker will be allowed to initiate the connection, and external probes inbound on 179 will fail (No need to let those nasty hackers know that you're running BGP through the firewall, right?). Alan - Original Me