Chapter 16: Using the Network Access Control Daemon
How It Works
The firewall runs different instances of the network access control daemon (netacl) on
different ports for different applications, based on the information in the
/usr/gauntlet/bin/gauntlet file. The /usr/gauntlet/bin/gauntlet file indicates which services
should run on which ports. For example, the firewall runs an instance of the network
access control daemon on port 23 to handle TELNET requests.
When the network access control daemon receives a request on a port on which it is
listening, the daemon checks its configuration information (in the netperm-table) and
determines whether the initiating host has permission to initiate this type of request. The
network access control daemon then verifies that it has permission to run. If the host does
not have permission or the network access control daemon is not permitted to run, the
firewall displays an error message.
If the host has permission and the network access control daemon is permitted to run,
the network access control daemon then starts the program specified in the
netperm-table. For example, the network access control daemon might start the TELNET
proxy (tn-gw) for some initiating hosts and the actual TELNET daemon (telnetd) for other
initiating hosts.
The default configuration of the Gauntlet Internet Firewall uses the network access
control daemon to control access to several different proxies and daemons. For example,
the default configuration of the Gauntlet Internet Firewall uses the network access
control daemon to control access to finger services. The network access control daemon
allows hosts on the inside network to use the UNIX finger daemon (fingerd) to gather
information from hosts outside the perimeter. However, for requests from the outside
networks for finger service, the network access control daemon calls cat to display a
message stating that the firewall does not accept finger requests.
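The decision described above can be modeled in a few lines. This is an added example, not code or configuration from the Gauntlet guide: the rule syntax follows the TIS FWTK-style netperm-table conventions (permit-hosts, deny-hosts, -exec), first-match ordering is assumed, and all addresses and program paths are constructed for illustration.

```python
import fnmatch
import shlex

# Constructed netperm-table excerpt (FWTK-style syntax; addresses and paths are assumptions).
SAMPLE_TABLE = """\
# inside network: run the real finger daemon
netacl-fingerd: permit-hosts 10.0.1.* -exec /usr/etc/fingerd
# everyone else: print a refusal notice instead
netacl-fingerd: permit-hosts * -exec /bin/cat /usr/gauntlet/config/finger.txt
netacl-telnetd: deny-hosts 192.0.2.66
netacl-telnetd: permit-hosts 10.0.1.* -exec /usr/gauntlet/bin/tn-gw
"""

def parse_table(text):
    """Return {service: [(action, host_patterns, argv), ...]} in file order."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line.startswith("netacl-") or ":" not in line:
            continue
        key, rest = line.split(":", 1)
        tokens = shlex.split(rest)
        if not tokens or tokens[0] not in ("permit-hosts", "deny-hosts"):
            continue
        argv = []
        if "-exec" in tokens:                    # everything after -exec is the program to start
            i = tokens.index("-exec")
            tokens, argv = tokens[:i], tokens[i + 1:]
        rules.setdefault(key[len("netacl-"):], []).append((tokens[0], tokens[1:], argv))
    return rules

def decide(rules, service, client_ip):
    """First matching rule wins; no match, a deny rule, or no program means refuse."""
    for action, patterns, argv in rules.get(service, []):
        if any(fnmatch.fnmatchcase(client_ip, p) for p in patterns):
            return argv if action == "permit-hosts" and argv else None
    return None

if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    for svc, ip in [("fingerd", "10.0.1.7"), ("fingerd", "203.0.113.9"),
                    ("telnetd", "192.0.2.66"), ("telnetd", "198.51.100.4")]:
        print(svc, ip, "->", decide(table, svc, ip) or "refused")
```

The model fails closed: a service with no rules, or a client that matches no rule, gets no program at all.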
Configuring the Network Access Control Daemon
Configuring the Gauntlet firewall involves planning, indicating which daemons the
system will run, configuring the proxy to enforce your policy, turning on your proxy, and
rebooting your firewall.
Consult the existing UNIX and Gauntlet firewall configuration files for examples of the
network access control daemon in use. This section describes using the network access
Gauntlet for IRIX Administrator's Guide, Document Number 007 2826 004