| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
The AltaVista Firewall can be configured to hide all internal host addresses
from the external (untrusted) network. Addresses on outgoing mail messages
are rewritten to hide host names -- typically, the host name is replaced by
the name of the domain only.
*
* The AV Firewall maps the internal addresses to the address of the Domain
* Name at the Firewall. What's the MAX # of addresses on the Blue Net that
* can be mapped to the Firewall Domain Name address?
* Is there any such upper-limit?
Regards,
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1773.1 | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Thu Feb 06 1997 22:48 | 12 | |
To distill hundreds of pages of sendmail book to one line, address rewriting essentially works (or can be made to work) like this: Rewrite "From:" addresses of the form user@* to [email protected] The maximum number of addresses is therefore anything that matches *, which is essentially infinite. If you feel uneasy with this, you might want to be a bit more explicit about what you want. PJDM | |||||
| 1773.2 | TENNIS::KAM | AltaVista Software 714/261-4133 DTN 535.4133 | Sat Feb 08 1997 02:32 | 24 | |
Some of our Firewall Competitors are advertising true NAT (Network
Address Translation). On the exterior interface of the firewall they
can assign a pool of IP addresses e.g. 1-x. On the Blue Net you can
have y hosts, where y > x. Then when a host on the blue net attempts
to communicate through the firewall they will be assigned one of the IP
addresses from 1-x.
The AltaVista Firewall has one IP address at the exterior interface and
all Blue net addresses get mapped to this address.
"7.12. Network Address Translation
The AltaVista Firewall for NT can be configured to hide all internal
host addresses from the external (untrusted) network. Addresses on
outgoing mail messages are rewritten to hide host names -- typically,
the host name is replaced by the name of the domain only."
A customer asked if it was possible to saturate the Network Address
Translation that we do e.g., eventually a host on the Blue net wouldn't
be mapped to the exterior IP address.
This is the FUD that our Competition is spreading about us.
Regards,
| |||||
| 1773.3 | confusion? | ANNECY::HOTCHKISS | Tue Feb 11 1997 06:58 | 7 | |
why is this FUD?It's true.I think you are confusing address translation
at the IP level with hiding mail addresses by changing them.If you want
address translation at the IP level,then don't use our firewall - use
either some sort of box like PIX(together with its 'features') or hide
ALL the addresses(even illegal ones) using wired proxies(obtainable
from our web site (but no GUI for the visually impaired ;-))
btw - read rfc1919 too
| |||||