| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
What Applications are really Circuit-level Proxies/Gateways?
I found this on the Net. After reading our literature a little closer it
appears that the Digital UNIX and Windows NT versions actually use a
Circuit-level gateway for the following services: SMTP Mail and NNTP
News. I'm going to make this statement because these are really actually
relays for the information once the connection has been established.
Can anyone comment?
"Circuit-Level Gateways
[Ches94] defines another firewall component that other authors
sometimes include under the category of application gateway. A
circuit-level gateway relays TCP connections but does no extra
processing or filtering of the protocol. For example, the TELNET
application gateway example provided here would be an example of a
circuit-level gateway, since once the connection between the source
and destination is established, the firewall simply passes bytes between
the systems. Another example of a circuit-level gateway would be for
NNTP, in which the NNTP server would connect to the firewall, and
then internal systems' NNTP clients would connect to the firewall. The
firewall would, again, simply pass bytes."
AltaVista Firewall
| Service | Digital UNIX | Windows NT |
|---|---|---|
| FTP | Application | Application |
| Telnet | Application | Application |
| SMTP | Circuit-level | Circuit-level |
| HTTP | Application | Application |
| NNTP | Circuit-level | Circuit-level |
| Finger | Application | Application |
| Generic | Application | Application |
Regards,
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1756.1 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Sun Feb 02 1997 17:03 | 8 |
Since you can connect to smtpxd and talk to it, and it has enough intelligence to transfer mail without directly involving sendmail, I'd say smtpxd was not a circuit-level gateway by this definition. On the other hand, NNTP is done by using a generic proxy which obviously has no knowledge of what it's passing, so that sounds right.
PJDM
| 1756.2 | | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Feb 05 1997 08:32 | 7 |
Re .1: smtpxd cannot deliver mail, as far as I was told. What it does
is receive a mail, drop it into sendmail's queue, and then trigger
sendmail to attempt to deliver that mail.
... just being my usual picky self ...
T
| 1756.3 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Thu Feb 06 1997 22:56 | 9 |
But in .1 I said "transfer", not "deliver". The mail has to be transferred from another system to the firewall, and thence to the mail queue, and smtpxd has to have enough smarts to participate in that transfer, which would make it not a circuit-level gateway. I don't mind you being picky, but in this case there wasn't anything to be picky about. 8-)
PJDM
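An added example, not part of the thread and not AltaVista Firewall or smtpxd code, contrasting the two behaviours debated above: a relay that only passes bytes, and a gateway that terminates SMTP itself, checks each command and places the message in a local queue. The function names, the command allow-list, the reply strings and the sample session are assumptions made for illustration.

```python
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "NOOP", "QUIT"}  # assumed allow-list

def circuit_relay(stream: bytes) -> bytes:
    """Circuit-level: once connected, pass bytes through unexamined."""
    return stream

def smtp_gateway(stream: bytes, max_line: int = 512):
    """Application-level: speak SMTP, check each command, queue the mail."""
    replies, queue = ["220 gateway ready"], []
    sender, rcpts, body, in_data = None, [], [], False
    for raw in stream.split(b"\r\n"):
        line = raw.decode("ascii", "replace")
        if in_data:
            if line == ".":  # end of message: hand it to the local queue
                queue.append({"from": sender, "to": rcpts, "body": body})
                sender, rcpts, body, in_data = None, [], [], False
                replies.append("250 queued")
            else:  # undo SMTP dot-stuffing on body lines
                body.append(line[1:] if line.startswith(".") else line)
            continue
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if len(raw) > max_line or verb not in ALLOWED:
            replies.append("500 command rejected")
        elif verb == "MAIL" and arg.upper().startswith("FROM:"):
            sender, rcpts = arg[5:].strip(), []
            replies.append("250 ok")
        elif verb == "RCPT" and sender and arg.upper().startswith("TO:"):
            rcpts.append(arg[3:].strip())
            replies.append("250 ok")
        elif verb == "DATA" and rcpts:
            in_data = True
            replies.append("354 send message")
        elif verb == "QUIT":
            replies.append("221 bye")
            break
        elif verb in ("HELO", "NOOP"):
            replies.append("250 ok")
        else:  # known verb, but out of order or malformed
            replies.append("503 bad sequence")
    return replies, queue

# Constructed sample session (not captured traffic)
SESSION = (b"HELO client.example\r\nDEBUG\r\nRCPT TO:<b@example.org>\r\n"
           b"MAIL FROM:<a@example.com>\r\nRCPT TO:<b@example.org>\r\nDATA\r\n"
           b"hello\r\n..dot\r\n.\r\nQUIT\r\n")
```

The relay hands the unlisted `DEBUG` line to whatever sits behind it, while the gateway answers it itself and only the parsed message reaches the queue.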