#You do realize that moving from Raptor to Sidewinder represents a complete
#paradigm shift, I hope?  Sidewinder is generally considered a packet
#filtering (screening) firewall, whereas Raptor is generally a proxy
#firewall.

I have no idea where you got the idea that the Sidewinder is not an
application layer gateway.  It IS MOST DEFINITELY an application layer
gateway.  IMHO it is a better application layer gateway than the Raptor.
It HAS ALWAYS been an application layer gateway.  Please do not spout off
about products that you know nothing about.

You need specific proxy code written to have a proxy for each protocol.
There is no firewall in the world that has a true application layer proxy
for every protocol.  Since there are more protocols than proxies you need a
way to create a generic proxy based on ports, transport protocol (TCP or
UDP), and other factors.  The Sidewinder has a lot of true application
layer proxies and the means to create generic proxies.  It also has an
IPFilter.  This allows you to pass non TCP or UDP traffic i.e. protocol 50,
51, 47 etc. as well as TCP or UDP traffic if you do not want to use the
proxy.  Every time there is a connection through the Sidewinder using a
proxy (generic or otherwise), there is a connection between the client and
the Sidewinder and a second connection between the Sidewinder and the
server.  I have included an example using tcpdump for anyone from Missouri
=)

This is an ftp connection from my pc through the Sidewinder to
ftp.slashdot.org.  I changed my real IP address to 10 net addresses.

<ftp connection from my pc (10.10.10.11) to the sidewinder.  The Sidewinder
is masquerading as 216.167.36.160 (ftp.slashdot.org)>

11:43:39.935341 10.10.10.11.1356 > 216.167.36.160.21: S 13369080:13369080(0) win 8192 <mss 1460> (DF)
11:43:39.935613 216.167.36.160.21 > 10.10.10.11.1356: S 2171318096:2171318096(0) ack 13369081 win 33580 <mss 1460>
11:43:39.939373 10.10.10.11.1356 > 216.167.36.160.21: . ack 1 win 8760 (DF)
11:43:40.203093 216.167.36.160.21 > 10.10.10.11.1356: P 1:7(6) ack 1 win 33580
11:43:40.396296 10.10.10.11.1356 > 216.167.36.160.21: . ack 7 win 8754 (DF)
11:43:40.396452 216.167.36.160.21 > 10.10.10.11.1356: P 7:86(79) ack 1 win 33580
11:43:40.598641 10.10.10.11.1356 > 216.167.36.160.21: . ack 86 win 8675 (DF)
11:43:42.681047 10.10.10.11.1356 > 216.167.36.160.21: P 1:13(12) ack 86 win 8675 (DF)
11:43:42.710192 216.167.36.160.21 > 10.10.10.11.1356: . ack 13 win 33580
11:43:42.714178 216.167.36.160.21 > 10.10.10.11.1356: P 86:102(16) ack 13 win 33580
11:43:42.901059 10.10.10.11.1356 > 216.167.36.160.21: . ack 102 win 8659 (DF)
11:43:45.313142 10.10.10.11.1356 > 216.167.36.160.21: P 13:28(15) ack 102 win 8659 (DF)
11:43:45.332971 216.167.36.160.21 > 10.10.10.11.1356: P 102:169(67) ack 28 win 33580
11:43:45.504906 10.10.10.11.1356 > 216.167.36.160.21: . ack 169 win 8592 (DF)
11:43:45.505067 216.167.36.160.21 > 10.10.10.11.1356: P 169:175(6) ack 28 win

<ftp connection from the sidewinder(10.1.1.1) to
ftp.slashdot.org(216.167.36.160)>

11:43:40.202460 10.1.1.1.2785 > 216.167.36.160.21: S 2171792982:2171792982(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 3278489 0>
11:43:40.243470 216.167.36.160.21 > 10.1.1.1.2785: S 1817968084:1817968084(0) ack 2171792983 win 2920 <mss 1460,nop,nop,timestamp 3256160016 3278489,nop,wscale 0> (DF)
11:43:40.243672 10.1.1.1.2785 > 216.167.36.160.21: . ack 1 win 33580 <nop,nop,timestamp 3278489 3256160016>
11:43:40.289489 216.167.36.160.4555 > 10.1.1.1.113: S 1833508509:1833508509(0) win 32120 <mss 1460,sackOK,timestamp 3256160021 0,nop,wscale 0> (DF)
11:43:43.284259 216.167.36.160.4555 > 10.1.1.1.113: S 1833508509:1833508509(0) win 32120 <mss 1460,sackOK,timestamp 3256160321 0,nop,wscale 0> (DF)
11:43:49.426285 216.167.36.160.4555 > 10.1.1.1.113: S 1833508509:1833508509(0) win 32120 <mss 1460,sackOK,timestamp 3256160921 0,nop,wscale 0> (DF)
11:43:50.285974 216.167.36.160.21 > 10.1.1.1.2785: P 1:73(72) ack 1 win 2920 <nop,nop,timestamp 3256161021 3278489> (DF)
11:43:50.334994 10.1.1.1.2785 > 216.167.36.160.21: . ack 73 win 33580 <nop,nop,timestamp 3278509 3256161021>
11:43:54.944100 10.1.1.1.2785 > 216.167.36.160.21: P 1:17(16) ack 73 win 33580 <nop,nop,timestamp 3278518 3256161021>
11:43:54.985036 216.167.36.160.21 > 10.1.1.1.2785: . ack 17 win 2920 <nop,nop,timestamp 3256161490 3278518> (DF)
11:43:54.986088 216.167.36.160.21 > 10.1.1.1.2785: P 73:145(72) ack 17 win 2920 <nop,nop,timestamp 3256161490 3278518> (DF)

Regards,
Jeffery Gieser
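
The following is an added example, not part of the original message: a Python sketch that parses the SYN and SYN-ACK lines from the two captures above and checks whether the client-side and server-side handshakes are independent TCP connections. The function names and result keys are hypothetical, and it assumes both captures were timestamped by the same clock.

```python
import re

# SYN and SYN-ACK lines copied from the two captures above, wrapped lines rejoined.
CLIENT_SIDE = """\
11:43:39.935341 10.10.10.11.1356 > 216.167.36.160.21: S 13369080:13369080(0) win 8192 <mss 1460> (DF)
11:43:39.935613 216.167.36.160.21 > 10.10.10.11.1356: S 2171318096:2171318096(0) ack 13369081 win 33580 <mss 1460>
"""
SERVER_SIDE = """\
11:43:40.202460 10.1.1.1.2785 > 216.167.36.160.21: S 2171792982:2171792982(0) win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 3278489 0>
11:43:40.243470 216.167.36.160.21 > 10.1.1.1.2785: S 1817968084:1817968084(0) ack 2171792983 win 2920 <mss 1460,nop,nop,timestamp 3256160016 3278489,nop,wscale 0> (DF)
"""
# Legacy tcpdump text: ts src.port > dst.port: S isn:isn(0) [ack n] win n [<opts>]
SYN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"S (?P<isn>\d+):\d+\(0\)(?: ack (?P<ack>\d+))? win (?P<win>\d+)(?: <(?P<opts>[^>]*)>)?")

def handshake(capture):
    """Return (SYN, SYN-ACK) field dicts for the first handshake in a capture."""
    syn = synack = None
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if m and m["ack"] is None and syn is None:
            syn = m.groupdict()
        elif m and m["ack"] is not None and synack is None:
            synack = m.groupdict()
    if syn is None or synack is None:
        raise ValueError("capture does not contain a SYN / SYN-ACK pair")
    return syn, synack

def compare_legs(client_cap, server_cap):
    """Compare the handshake seen by the client with the one seen by the server."""
    c_syn, c_synack = handshake(client_cap)
    s_syn, s_synack = handshake(server_cap)
    result = {
        "same_initiator": (c_syn["src"], c_syn["sport"]) == (s_syn["src"], s_syn["sport"]),
        "same_client_isn": c_syn["isn"] == s_syn["isn"],
        "same_server_isn": c_synack["isn"] == s_synack["isn"],
        "same_syn_options": c_syn["opts"] == s_syn["opts"],
        # The client received a SYN-ACK before any SYN had been sent to the server.
        "answered_before_server_contacted": c_synack["ts"] < s_syn["ts"],
    }
    result["terminated_at_firewall"] = (
        not any(v for k, v in result.items() if k.startswith("same_"))
        and result["answered_before_server_contacted"])
    return result

if __name__ == "__main__":
    for key, value in compare_legs(CLIENT_SIDE, SERVER_SIDE).items():
        print(f"{key}: {value}")
```

A device that only filters or translates addresses forwards the client's own SYN, so the sequence numbers and TCP options would match on both sides; here every field differs and the client is answered before the server is contacted.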
