Win 2k/2k3 server - bridging firewall?

Guest
Archived from groups: comp.security.firewalls

Hi all!

Is it possible to use a box with Win 2000 or 2003 server as a bridging
firewall without NAT? The bridging part is quite easy, right? But which
firewall software can work without NAT? I know this can quite easily be done
with Linux, bridge utils and for example Shorewall. Is it even possible with
Windows?

Antti, Finland
 
Guest

Antti wrote:
> Hi all!
>
> Is it possible to use a box with Win 2000 or 2003 server as a bridging
> firewall without NAT? The bridging part is quite easy, right? But which
> firewall software can work without NAT? I know this can quite easily be done
> with Linux, bridge utils and for example Shorewall. Is it even possible with
> Windows?
>
> Antti, Finland

I've never heard of a Windows-based bridging firewall, but there's a
lot of info about Linux-based bridgewalls, and the 2.6 kernel includes
some bridgewalling code that had to be patched into the 2.4 kernel.

Shorewall is just a Web / GUI configuration tool for Linux netfilter;
under the hood, it's still just Linux.

It sort of boggles the mind, though, trying to create a locked
down bridgewall with any of the Windows OS, which are fundamentally
structured to favor letting things in, not keeping them out. Maybe
Win 2003 is different, but with Win9x and Win2K, there's no end of
things getting turned on/off behind your back, by updates, hidden
settings, new software and the like. IMHO, it doesn't seem a
good place to start for a secure firewall or bridgewall. I guess
it might be OK, if you go through the services list AND Nmap the
box on EVERY port after EVERY patch and update.

Me, I want a firewall that doesn't do ANYTHING I don't tell it
to do.
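
As an added example, not part of the original post: the re-scan after every patch that the reply above recommends can be checked mechanically by diffing nmap grepable (`-oG`) output against a saved baseline. The sample scans, the address and the function names are constructed for illustration.

```python
# Compare two nmap grepable (-oG) scans and report ports that opened or closed.
# Assumes scans taken without -sV, so port entries contain no embedded commas.

# Constructed sample scans; 192.0.2.10 is a documentation address.
BASELINE = """\
# Nmap scan before patching (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65532)
"""
AFTER_PATCH = """\
# Nmap scan after patching (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65532)
"""

def open_ports(grepable):
    """Return {(host, proto, port): service} for every port reported open."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comments and blank lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # entry layout: port/state/proto/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    found[(host, parts[2], int(parts[0]))] = parts[4]
    return found

def drift(baseline, current):
    """Return (newly_open, no_longer_open) as sorted lists of (host, proto, port)."""
    before, after = open_ports(baseline), open_ports(current)
    opened = sorted(k for k in after if k not in before)
    closed = sorted(k for k in before if k not in after)
    return opened, closed

if __name__ == "__main__":
    opened, closed = drift(BASELINE, AFTER_PATCH)
    for host, proto, port in opened:
        print(f"NEWLY OPEN     {host} {port}/{proto}")
    for host, proto, port in closed:
        print(f"NO LONGER OPEN {host} {port}/{proto}")
```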
 
Guest

"Antti" <antti.pullinenSPA.M@postikaista.net> wrote in
news:6Sgic.1331$Ah4.209@read3.inet.fi:

> Hi all!
>
> Is it possible to use a box with Win 2000 or 2003 server as a bridging
> firewall without NAT? The bridging part is quite easy, right? But
> which firewall software can work without NAT? I know this can quite
> easily be done with Linux, bridge utils and for example Shorewall. Is
> it even possible with Windows?
>
> Antti, Finland

You may want to look into IPsec that's on both O/S(s) which has a lot of
features like a FW.

You may want to further look at IPsec and the issues with NAT. But I
think that has more to do with the VPN side of IPsec and NAT.

Google has some articles on the topic of IPsec and NAT to help you make a
determination on the viability of using IPsec as a solution.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

IPsec is one powerful solution that's on the O/S that's overlooked.

Duane :)
 
Guest

On Fri, 23 Apr 2004 22:34:42 GMT, Antti spoketh

>Hi all!
>
>Is it possible to use a box with Win 2000 or 2003 server as a bridging
>firewall without NAT? The bridging part is quite easy, right? But which
>firewall software can work without NAT? I know this can quite easily be done
>with Linux, bridge utils and for example Shorewall. Is it even possible with
>Windows?
>
>Antti, Finland
>

Checkpoint FW-1

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)