Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: GNAT Box

GNAT Box

Logan Hansen (llhansenadams.edu)
Fri, 04 Dec 1998 14:30:19 -0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Bennett Todd: "Re: Web server inside the firewall"
Previous message: Erik Schetina: "Re: Working with NAT on FW-1 on NT"
Next in thread: Randy Johnson: "RE: GNAT Box"
Maybe reply: Randy Johnson: "RE: GNAT Box"
Maybe reply: David Barth: "RE: GNAT Box"

What do you have to say about the GNAT Box? It almost looks like a Linux box with IP masc enabled with something like IPFWADM or FWTK setup on it. On the plus side, it's designed to run off a single floppy (Linux Router Project?)!

Here's the HYPE (Selected from www.gnatbox.com/pages/faq.html):

GNAT Box is the technological outgrowth of GTA's ICSA (formerly the NCSA)
Certified GFX Internet Firewall System. Although the GNAT Box doesn't have all the
features and functionality of its parent, it still retains the stateful transparent packet
inspection technology of the GFX system. In its default configuration the GNAT Box
does not accept unsolicited connections from the external network. The GNAT Box is
an "in band proxing firewall", which means that TCP and UDP based applications can
pass packets transparently through the GNAT Box system without needing modified
(special) clients or servers. We use the term "proxy" because the GNAT Box monitors
all communications levels including the application level.

The GNAT Box system supports three types of filters: Remote
Access Filters, Outbound Filters, and IP Pass Through Filters. The built-in implicit rule
for the GNAT Box system is, "That which is not expressly permitted is denied."
Therefore, if no filters of any type were defined, packets would not be allowed to flow
to or through (inbound and outbound) the GNAT Box system.

The GNAT Box system provides transparent operation of many VPN
implementations. Two of the most common VPNs: Microsoft Corporation's PPTP and
Data Fellows SSH are supported transparently. Other VPN solutions, such as
hardware based systems typically operate transparently with the GNAT Box system

GNAT Box is transparent to standard TCP and UDP applications. GNAT Box also
supports difficult applications that require both inbound and outbound connections
like:

                        FTP (normal and PASV)
                        RealAudio/RealVideo
                        Vxtreme
                        Vosaic
                        CU-SeeMe
                        StreamWorks
                        VDOLive
                        VIVOActive
                        True Speech
                        NTT AudioLink
                        NTT SoftwareVision
                        RSTP Applications
                        Yamaha MIDPlug
                        Microsoft PPTP
                        Microsoft NetShow
                        ICQ
                        Quake II
                        Net2Phone

Next message: Bennett Todd: "Re: Web server inside the firewall"
Previous message: Erik Schetina: "Re: Working with NAT on FW-1 on NT"
Next in thread: Randy Johnson: "RE: GNAT Box"
Maybe reply: Randy Johnson: "RE: GNAT Box"
Maybe reply: David Barth: "RE: GNAT Box"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:12:10 CDT