Next | Prev | Up | Top | Contents | Index

Routers and Firewalls

The firewall host is typically combined with a router, whether provided as part of your connection to your Internet service provider or added by you to your private configuration.

Routers, if properly configured, provide a certain degree of security by filtering IP packets. You can use your IRIX host as an IP packet filter as described in the ipfilterd(1M) reference page. Usually, routers are complete hardware devices that provide high-speed IP packet filtering. While many routers can be configured to provide IP packet-level security, they do not support such features as proxies and authentication.

Proxies are proxy servers, which provide for application specific control of network resources.[2] Authentication is a technique you can employ to require users to verify that they are who they say they are. To add these features and more, you must have a network hardware configuration such as the IRIX host setups described in the following sections.

You can use IP packet filtering and application-level controls by combining routers with firewalls. When using a router with a firewall host, configure it to allow traffic only to the firewall host. You should filter out:

Consult with your Internet service provider to determine the packet filtering options available for your Internet connection. You can also add routers to your firewall configuration as described in the next section, and then configure your routers with additional filtering options (refer to the router vendor documentation for details). (See also "Packet Filtering Gateways," in Firewalls and Internet Security, by Cheswick and Bellovin, referenced in "Additional Resources" on page xxi.)

[2] For example, the Netscape Proxy Server(TM) offers application proxies for several common network services including World Wide Web HTTP servers.
[3] Internet Control Message Protocol
Next | Prev | Up | Top | Contents | Index