Re: restrict implicit binding to interfaces

One example of where a strong end system model might be useful would
be a DMZ system. You might not want a server bound to the "internal
IP" to receive traffic routed via the external interface. So, if the
strong end system model is active, it will only accept datagrams
destined to the internal IP on the "internal" interface.

There are of course other ways to arrive at the same end condition -
configure the server application to only accept connections from a
configured range of intenal IP addresses, or setup firewall rules to
drop datagrams arriving on the external interface with the internal IP
as the destination - of course that last one is simply using the
firewall rules to make the system behave as if it were using the
strong end system model :)

rick jones
--
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
.

Relevant Pages

  • Re: restrict implicit binding to interfaces
    ... ?You might not want a server bound to the "internal ... IP" to receive traffic routed via the external interface. ... If I have a strong end system model all I have to do is ... configured range of intenal IP addresses, or setup firewall rules to ...
    (comp.os.linux.networking)
  • Re: restrict implicit binding to interfaces
    ...  You might not want a server bound to the "internal ... IP" to receive traffic routed via the external interface. ... strong end system model is active, ... configured range of intenal IP addresses, or setup firewall rules to ...
    (comp.os.linux.networking)