Today's ISN Sponsor: Repent Security Incorporated
---------- Forwarded message ----------
From: James Ullrey <ullrey@lanminds.com>
Cc: dc-stuff@dis.org
Date: Mon, 16 Mar 1998 07:17:23 -0800 (PST)
Subject: Re: Mac Firewall
>Anyone know of a firewall application that runs on a mac. Have
>had serious difficulty finding one.
VICOM Technology's Internet Gateway.
James Ullrey © 1997
VICOM Technology Ltd. has a product called Internet Gateway (IG), now in
version 4.0, which they claim has firewall capabilities. Runs on the Mac.
Please route all comments of the nature "Macs suck" to /dev/null.
One creates an internet proxy port on the gateway machine which functions
as a router. I configured the gateway to also have an ethernet LAN port. A
mirror port was created automatically. Through this mirror port machines on
the LAN can connect through the gateway machine to the net via an ISP. I
connected to the gateway machine over an ethernet link a second Macintosh,
a 7100, selected for its ability to run MkLinux. The internet proxy port
has as its IP address the static IP address assigned to my site by my ISP.
The ethernet LAN is arbitrarily assigned an IP address of the type
nnn.nnn.nnn.100 which is also the router address placed in the Router
Address field of the TCP/IP control panel in the non-gateway machines on
the network. The IP addresses nnn.nnn.nnn.1 through nnn.nnn.nnn.99 are used
for the DHCP (Dynamic Host Configuration Protocol), which are addresses
dynamically assigned to machines on the network as needed. I installed
StarNine's web server, WebStar, and Qualcomm's mail server, Eudora Internet
Mail Server (EIMS) v 1.2 onto a machine connected on an ethernet network.
The 7100 has a manually assigned IP address of nnn.nnn.nnn.101. To allow
inbound net access to mail and web servers one selects from the Gateway
menu the Inbound Mapping menu item, and in the dialog box that appears
clicks the New Host button and enters the IP address nnn.nnn.nnn.101
in the IP Address field. In that dialog box the IG is set to map requests
for port 25 on the gateway machine to port 25 on the mail server machine
situated on the ethernet network. The process is repeated for the web
server, this time mapping port 80. I run both the mail server and the web
server on the 7100 under MacOS 8. I would rather have an additional machine
and run the mail server on one and the web server on the other.
I tested the functionality by launching Netscape on the LAN machine and
accessing a web page on the net. I tested the functionality of the servers
by opening a telnet connection to my ISP's server, then from the shell
opened telnet on the ISP machine and opened a connection to both the web
server and the mail server in turn by specifying the IP address of the IG
machine followed by a space and first 80 for the webserver. Using the 'GET'
protocol and the name of a file I knew to be in the directory in which
WebStar runs, I was able to view the contents of the file in text mode in the
telnet window. I similarly repeated the procedure for port 25 and sent
myself some mail under an assumed name and watched the EIMS log file on the
network machine report the process. So it works. It was fun. There is more
functionality available and as I learn it I will report about it in future
articles. I hope to find in the documentation instructions for packet
filtering.
At MacWorld expo I accosted a representative of VICOM at their booth and
asked them if they had a response to the land attack and they were not able
to assure me that their company was responsive to such threats.
A gut feeling I got from running this product over a series of weeks is
that it slows access to web sites.
http://www.vicomtech.com/appleshare.ip
info@vicomtech.com
VICOM Technologies Ltd.
465 Fairchild Drive, suite 202
Mountain View CA 94043
(415) 967-5506
If you wish to receive ISN directly, mail majordomo@sekurity.org with "subscribe isn".
ISN is a non-profit list designed to keep Security Professionals aware.
Received on Mon Mar 16 15:20:25 1998
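
The hand-run telnet test in the message above, written as a repeatable check (an added example, not part of the original post or of VICOM's product): run from a host outside the gateway, it confirms that the mapped ports 25 and 80 answer as SMTP and HTTP and that unmapped ports do not answer. The request path "/", the script name and the choice of ports 21 and 23 as unmapped ports are assumptions.

```python
import socket
import sys

def probe(host, port, send=None, timeout=3.0):
    """Return the first bytes the service sends, b"" if silent, None if no connection."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                      # refused, filtered or unreachable
    with s:
        try:
            if send:
                s.sendall(send)
            return s.recv(1024)
        except OSError:                  # timeout or reset after connecting
            return b""

def classify(reply):
    """Name the service from its first reply, as read by eye in the telnet test."""
    if reply is None:
        return "closed"
    if reply.startswith(b"HTTP/"):
        return "http"
    if reply[:3] == b"220":              # SMTP greeting banner
        return "smtp"
    return "open-unknown"

def audit_gateway(host, expected, timeout=3.0):
    """expected maps port -> "http" | "smtp" | "closed"; returns only the mismatches."""
    mismatches = {}
    for port, want in expected.items():
        # An HTTP server waits for a request; an SMTP server speaks first.
        send = b"GET / HTTP/1.0\r\n\r\n" if want == "http" else None
        seen = classify(probe(host, port, send, timeout))
        if seen != want:
            mismatches[port] = (want, seen)
    return mismatches

# Ports 25 and 80 are the mappings from the message; 21 and 23 are assumed
# examples of ports that were never mapped and so should not answer.
EXPECTED = {25: "smtp", 80: "http", 21: "closed", 23: "closed"}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <gateway-address>")
    for port, (want, seen) in sorted(audit_gateway(sys.argv[1], EXPECTED).items()):
        print(f"port {port}: expected {want}, saw {seen}")
```

An empty result means every port behaved as expected; a port listed as "open-unknown" accepted the connection but did not identify itself as either service.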