The BARRICADE is a firewall for TCP/IP traffic control
operating on a PC-compatible computer with two network interfaces.
One interface is connected to the internal LAN to be protected, the
other one is connected to the public network (Internet). Private
addressing is used in the internal LAN. Multiple class C
IP addresses are supported in the internal LAN (or WAN).
There is no IP-level traffic between the network interfaces;
all traffic is passed through application-level proxies.
RESTRICTIONS TO THE INBOUND TRAFFIC:
Only two services are intermediated from the external to the internal
network:
- e-mail: the BARRICADE contains a two-level mail proxy that transfers
mail to the mail server holding the users' mailboxes in the internal
network
- deslogin: an encrypted remote terminal session to the BARRICADE can be
established from the external network, using a special deslogin client
RESTRICTIONS TO THE OUTBOUND TRAFFIC:
No restrictions are placed on traffic from the internal network to the
external network.
PROXIES:
The BARRICADE includes a series of proxies that allow hosts in the
protected internal LAN to use the services of external network servers.
The following proxies are used:
- a general-purpose SOCKS proxy serving all SOCKS-compatible
network service clients
- a caching WWW proxy
- Telnet proxy
- FTP proxy
- mail (SMTP) proxy
- Usenet news (NNTP) proxy
- IRC proxy
The NNTP and IRC services are bound to a single external server specified
by the BARRICADE administrator.
PUBLIC SERVICES:
The BARRICADE includes three preconfigured information servers accessible
to any client from the internal as well as the external network:
- WWW server
- FTP server
- name server
INTERNAL SERVICES:
The following services can be accessed only from the protected LAN:
- DHCP server used for the automatic configuration of
the workstations
- internal name server for the name management of the
LAN hosts
MANAGING THE BARRICADE:
The management of the BARRICADE is carried out by two users with
different access rights. The Root User has complete
control over the BARRICADE. The Infoservers
Administrator has access (with the password specified by the
Root User) to the files served by the public information servers.
The Root User can manage the BARRICADE:
- From a workstation having a fixed IP address in the internal network,
using a WWW browser. The BARRICADE verifies the
authenticity of the administrator by IP address and password. This
method of administration is usually sufficient for any monitoring and
configuration operations.
- From the BARRICADE console. Access is restricted by
password. Console operation is needed for certain rare management
procedures (changing the passwords, special configuration of the system).
- From a remote terminal using the deslogin client. The options are the
same as for the console mode.