Dual-homed Gateway Firewall



Next: Screened Host Firewall Up: Putting the Pieces Previous: Packet Filtering Firewall


The dual-homed gateway (see the figure below) is a better alternative to the packet filtering router firewall. It consists of a host system with two network interfaces, with the host's IP forwarding capability disabled (i.e., by default the host can no longer route packets between the two networks it connects). In addition, a packet filtering router can be placed at the Internet connection to provide additional protection. This creates an inner, screened subnet that can be used for locating specialized systems such as information servers and modem pools.

Unlike the packet filtering firewall, the dual-homed gateway is a complete block to IP traffic between the Internet and the protected site. Services and access are provided by proxy servers on the gateway. It is a simple firewall, yet very secure.

  
Figure: Dual-homed Gateway Firewall with Router.

This type of firewall implements the second design policy, i.e., deny all services unless they are specifically permitted, since no services pass except those for which proxies exist. The host's ability to accept source-routed packets would also be disabled, so that no other packets could be passed by the host to the protected subnet. It can be used to achieve a high degree of privacy, since routes to the protected subnet need to be known only to the firewall and not to Internet systems (Internet systems cannot route packets directly to the protected systems). The names and IP addresses of site systems would be hidden from Internet systems, because the firewall would not pass DNS information.
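Added example, not part of the publication: a POSIX shell check for the two host settings the text calls for, IP forwarding off (globally and on every interface) and source-routed packets refused. It assumes a Linux kernel that exposes these settings as files under /proc/sys/net/ipv4; the knob names are the real Linux ones, the function names are the example's own, and the root directory is a parameter so the check can also be run against a copied or constructed tree.

```shell
#!/bin/sh
# check_gateway_knobs [SYSCTL_ROOT]
# Audits the kernel settings a dual-homed gateway host must have off:
# IP forwarding (global and per interface) and acceptance of source-routed
# packets. Assumes the Linux /proc/sys/net/ipv4 layout (assumption: the
# publication is not Linux-specific). Exit status 0 only if every knob is 0.

check_knob() {
    if [ ! -r "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    read -r value < "$1" || value=""
    if [ "$value" = "0" ]; then
        echo "ok      $1 = $value"
    else
        echo "FAIL    $1 = $value (must be 0)"
        return 1
    fi
}

check_gateway_knobs() {
    root="${1:-/proc/sys/net/ipv4}"
    rc=0
    for knob in ip_forward conf/all/forwarding conf/default/forwarding \
                conf/all/accept_source_route conf/default/accept_source_route; do
        check_knob "$root/$knob" || rc=1
    done
    # Each real interface carries its own copy of both knobs; checking them one
    # by one avoids depending on how the kernel combines all/ with per-interface values.
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default|lo) continue ;; esac
        check_knob "${dir}forwarding" || rc=1
        check_knob "${dir}accept_source_route" || rc=1
    done
    return "$rc"
}
```

Reading /proc/sys needs no privilege, so the check can run from a cron job or a login script on the gateway; turning a knob off is `sysctl -w net.ipv4.ip_forward=0` and `sysctl -w net.ipv4.conf.all.accept_source_route=0`, made persistent in /etc/sysctl.conf. A FAIL after the host was known good is exactly the "re-enable IP routing" symptom of a compromised gateway that the text warns about.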

A simple setup for a dual-homed gateway would be to provide proxy services for TELNET and FTP, and a centralized e-mail service in which the firewall accepts all mail for the site and then forwards it to site systems. Because it is a host system, the firewall can house software that requires users to use authentication tokens or other advanced authentication measures. The firewall can also log accesses, as well as attempts or probes against the system that might indicate intruder activity.
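The following is an added example, not code from the publication: a minimal circuit-level TCP proxy of the kind that must carry every permitted service across a dual-homed gateway, written in Python. It assumes a hypothetical one-line control protocol (`CONNECT host port`, answered with `OK` or `DENIED`) standing in for a real proxy protocol such as SOCKS, an allow-list of (host, port) pairs as the only permitted destinations, and an in-memory audit trail of every connection attempt, refused ones included. `demo()` runs the whole thing on loopback against a constructed echo service rather than across two real interfaces.

```python
import contextlib
import logging
import socket
import socketserver
import threading

log = logging.getLogger("gateway-proxy")
MAX_LINE = 256  # the control line is tiny; anything longer is treated as malformed

def _read_line(sock):
    """One control line, read unbuffered so nothing past the newline is consumed."""
    line = sock.makefile("rb", buffering=0).readline(MAX_LINE)
    return line.strip() if line.endswith(b"\n") else None  # None: EOF or over-long

def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so it sees EOF too."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

class _Handler(socketserver.BaseRequestHandler):
    def handle(self):
        self.server.serve_conn(self.request, self.client_address)

class GatewayProxy(socketserver.ThreadingTCPServer):
    """Circuit-level proxy: the only path across a non-forwarding host, and only to allow-listed ports."""
    daemon_threads = True

    def __init__(self, listen_addr, allowed, inside_bind=None):
        super().__init__(listen_addr, _Handler)
        self.allowed = set(allowed)     # {(host, port)} permitted through the gateway
        self.inside_bind = inside_bind  # e.g. ("10.0.0.1", 0): source address on the inside interface
        self.audit = []                 # one decision record per connection attempt
        threading.Thread(target=self.serve_forever, daemon=True).start()

    def serve_conn(self, client, peer):
        client.settimeout(10)  # an outside client must state its request promptly
        parts = (_read_line(client) or b"").split()
        dest = None
        if len(parts) == 3 and parts[0] == b"CONNECT" and parts[2].isdigit():
            dest = (parts[1].decode("ascii", "replace"), int(parts[2]))
        allowed = dest in self.allowed
        self.audit.append({"client": peer[0], "dest": dest, "allowed": allowed})
        if not allowed:  # default policy: refuse, and log the probe
            log.warning("%s: denied request for %s", peer[0], dest)
            client.sendall(b"DENIED\n")
            return
        try:  # a fresh connection from the inside interface; outside packets never cross the host
            inside = socket.create_connection(dest, timeout=5, source_address=self.inside_bind)
        except OSError as exc:
            log.error("%s: permitted host %s unreachable: %s", peer[0], dest, exc)
            client.sendall(b"DENIED\n")
            return
        log.info("%s: relaying to %s", peer[0], dest)
        client.settimeout(None)
        inside.settimeout(None)
        client.sendall(b"OK\n")
        back = threading.Thread(target=_pump, args=(inside, client), daemon=True)
        back.start()
        _pump(client, inside)  # outside -> inside runs in this thread
        back.join()
        inside.close()

class _EchoHandler(socketserver.BaseRequestHandler):  # stand-in site service (constructed)
    def handle(self):
        while data := self.request.recv(4096):
            self.request.sendall(data)

def request_via_proxy(proxy_addr, dest, payload, timeout=5):
    """Outside client: ask the gateway for dest, send payload, return (status, reply)."""
    with socket.create_connection(proxy_addr, timeout=timeout) as s:
        s.sendall(b"CONNECT %s %d\n" % (dest[0].encode(), dest[1]))
        status = _read_line(s)
        if status != b"OK":
            return status, b""
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # done sending; collect the relayed reply until EOF
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
        return status, reply

def demo():
    """Everything on loopback: one permitted service and one refused destination."""
    backend = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _EchoHandler)
    threading.Thread(target=backend.serve_forever, daemon=True).start()
    permitted = backend.server_address
    proxy = GatewayProxy(("127.0.0.1", 0), allowed={permitted})
    try:
        ok = request_via_proxy(proxy.server_address, permitted, b"hello through the gateway")
        refused = request_via_proxy(proxy.server_address, ("127.0.0.1", permitted[1] + 1), b"never sent")
    finally:
        proxy.shutdown()
        proxy.server_close()
        backend.shutdown()
        backend.server_close()
    return ok, refused, proxy.audit
```

Running `demo()` returns the permitted exchange (`OK` plus the echoed bytes), the refused one (`DENIED` with nothing relayed), and the two audit records. On a real gateway the proxy would listen on the outside interface's address and be given the inside interface's address as `inside_bind`, so every inside connection carries the gateway's own address; with IP forwarding disabled nothing else crosses the host, and the audit list is the raw material for the logging of probes the text describes.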

The dual-homed gateway firewall, as well as the screened subnet firewall discussed later in this chapter, provides the ability to segregate traffic concerned with an information server from other traffic to and from the site. An information server could be located on the subnet between the gateway and the router, as shown in the figure above. Assuming that the gateway provides the appropriate proxy services for the information server (e.g., ftp, gopher, or http), the router can prevent direct Internet access to the server and force access to go through the firewall. If direct access to the server is permitted (the less secure alternative), then the server's name and IP address can be advertised by DNS. Locating the information server there also adds to the security of the site: an intruder who penetrates the information server would still be prevented from reaching site systems by the dual-homed gateway.

The inflexibility of the dual-homed gateway could be a disadvantage to some sites. Since all services are blocked except those for which proxies exist, access to other services cannot be opened up; systems that require such access would need to be placed on the Internet side of the gateway. However, a router could be used as shown in the figure above to create a subnet between the gateway and the router, and the systems that require extra services could be located there (this is discussed further in the section on screened subnet firewalls).

Another important consideration is that the host system used for the firewall must itself be very secure, as any vulnerable service or technique on the host could lead to a break-in. If the firewall host is compromised, an intruder could subvert the firewall, for example by re-enabling IP forwarding.

[Garf92], [Ran93], and [Ches94] discuss advantages and disadvantages of dual-homed gateways used as firewalls.






John Wack
Thu Feb 9 18:17:09 EST 1995