[svlug] Re: swap setup
Seth David Schoen
schoen at uclink4.berkeley.edu
Wed Oct 28 01:16:27 PST 1998
Rick Moen writes:
> > I wish I could get pine to retrieve my mail from a remote POP or IMAP
> > server....
> Your "firewall"'s in the way, unless you have POP3 or IMAP proxies in that
> "firewall" -- by which term I assume you mean a proxy application gateway.
> If, by contrast, you mean a secure router, then pine should be able to reach
> remote POP servers with no difficulty unless the router blocks that port.
> Check with your WAN admins.
I've usually seen "firewall" used to mean "deliberately broken router";
the degree to which the router is broken, and the manner in which it is
broken, may vary.
This is the way the Linux firewall code uses the term, and also the way
a number of firewall vendors use the term; they supply products which are
routers, because they have a means of setting policies for routing.
In fact, the router that is so broken that it does not route at all is not
often called a "firewall" in the more technical descriptions I've read; it's
often called a proxy host, application proxy, or bastion host.
"Broken" here means "violating the end-to-end model or the Internet Protocol,
as amended"; of course, that may be begging the question, because RFCs have
indeed been filed which try to legitimize the various things that firewall
do. ("The inability of this router to pass ICMP packets in one direction
is not a bug, it's a feature!") Perhaps I'm just bitter, having had too
many unpleasant experiences with default-deny ("Soviet") firewalls run by
unsympathetic or unresponsive administrators.
A default-allow firewall makes much more sense to me, but perhaps I am just
an optimistic person.
Seth David Schoen L&S '01 (undeclared) / schoen at uclink4.berkeley.edu
He said, "This is what the king who will reign over you will do." And they
said, "Nay, but we will have a king over us, that we also may be like all the
nations." (1 Sam 8) http://ishmael.geecs.org/~sigma/ http://www.loyalty.org/
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
More information about the svlug