
Application Gateways

In this configuration, the only system which has access to the outside Internet is the bastion host. In turn, the systems on the internal LAN (nowadays often referred to as the "Intranet") can only establish TCP connections to the bastion host, or gateway. Both of these conditions are configured using TCP and IP address-based packet filtering in the routers. No TCP connection (or even packet flow) is permitted between the Intranet and the external Internet.
 
If users on the Intranet wish to use services provided on the outside Internet (for example, to ssh, or "shell", into an external Unix system) they must first connect to the gateway, and then use software running on it to access the exterior machine.
 
An example of such a structure is provided by an electronic mail gateway which receives messages from the Internet. Typically, a mail gateway in the DMZ receives messages addressed to an alias address, such as:
P.Scott@latrobe.edu.au
and then relays the message by SMTP to an appropriate second (department-level) server within the Intranet. MX records in the DNS support such mail gateway systems.
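As an added illustration (not part of the lecture), the two router filtering conditions above and the mail gateway's SMTP hop into the Intranet can be expressed as one small policy check. The address plan and the alias table are constructed assumptions; the page gives neither.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (an assumption; the page gives no addresses).
INTRANET = ip_network("10.0.0.0/8")      # the internal LAN
BASTION = ip_address("192.0.2.10")       # the application gateway in the DMZ
# Every other address is treated as the external Internet.


def zone(addr):
    """Classify an address as 'bastion', 'intranet' or 'internet'."""
    a = ip_address(addr)
    if a == BASTION:
        return "bastion"
    if a in INTRANET:
        return "intranet"
    return "internet"


def allow_connection(src, dst):
    """Return True if a TCP connection initiated by src to dst may be set up.

    Encodes the conditions from the text: internal hosts may only open
    connections to the bastion, only the bastion reaches the outside
    Internet, and nothing flows between Intranet and Internet directly.
    """
    s, d = zone(src), zone(dst)
    if s == d:
        return True            # never crosses a router; not the filter's concern
    if {s, d} == {"intranet", "internet"}:
        return False           # the hard rule: never bridge the two directly
    if s == "bastion":
        return True            # the gateway relays on both sides (e.g. SMTP inwards)
    return d == "bastion"      # everyone else may only talk to the gateway


# Constructed alias table: the gateway accepts mail for these addresses and
# delivers it to a department-level server inside the Intranet (assumption).
MAIL_ALIASES = {"p.scott@latrobe.edu.au": "10.0.5.25"}


def relay_mail(recipient):
    """Where the mail gateway delivers a message for `recipient`.

    Returns the internal server address, or None if there is no alias for
    the recipient or the router policy would block the SMTP hop.
    """
    target = MAIL_ALIASES.get(recipient.lower())
    if target is None or not allow_connection(str(BASTION), target):
        return None
    return target


if __name__ == "__main__":
    for src, dst in [("10.1.2.3", "192.0.2.10"), ("10.1.2.3", "203.0.113.5"),
                     ("203.0.113.5", "10.1.2.3"), ("203.0.113.5", "192.0.2.10")]:
        print(src, "->", dst, "ALLOW" if allow_connection(src, dst) else "DENY")
    print("P.Scott@latrobe.edu.au relayed to", relay_mail("P.Scott@latrobe.edu.au"))
```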
 
Lecture 20: Network Security Copyright © 2005 P.Scott, La Trobe University Bendigo.

