Reconfigurable Firewall

From Grid5000
Revision as of 14:02, 8 July 2021 by Mimbert

In IPv4, all communications from inside Grid'5000 to the outside internet are NATed to the single public IP address of Grid'5000. It is possible to initiate a network connection from inside Grid'5000 to the outside internet and the connection tracking of the Grid'5000 firewalls will allow the communication to work in most situations (i.e. for protocols that are supported by standard connection tracking mechanisms).

But two things are not possible in IPv4:

  • Initiating a direct network connection from the outside internet to the inside of Grid'5000 (by "direct connection" we mean not through a VPN or an ssh tunnel). It is impossible to allow such connections, since Grid'5000 hosts do not have a publicly routable IPv4 address.
  • Having connections initiated from inside Grid'5000 to the outside internet on protocols which are not supported by standard connection tracking mechanisms (the phrase "standard connection tracking mechanisms" is deliberately vague: it depends on the specific firewall version, which may change).
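To make the two limitations above concrete, here is an added toy model of a stateful NAT gateway with connection tracking (example code written for this page, not Grid'5000's firewall). The addresses, ports and the `StatefulNat` class are constructed for the demonstration: an outbound flow creates a tracking entry and its return traffic is translated back, while an inbound packet that matches no tracked flow is dropped, which is exactly why connections cannot be initiated from the outside and why protocols that open extra flows without a tracking helper fail.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "192.0.2.1"  # constructed public address of the gateway (RFC 5737 documentation range)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class StatefulNat:
    """Toy NAT gateway with connection tracking (not a real firewall):
    outbound flows create a mapping, return traffic matching that mapping is
    translated back to the inside host, anything else from outside is dropped."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public port
        self.outbound: Dict[Tuple, int] = {}
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.inbound: Dict[Tuple, Tuple[str, int]] = {}

    def egress(self, pkt: Packet) -> Packet:
        """Translate an inside->outside packet, creating a tracking entry if new."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet, or drop it (None) if no flow tracks it."""
        entry = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # unsolicited: no inside host is reachable through the single public IP
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)

def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    nat = StatefulNat(PUBLIC_IP)
    out = nat.egress(Packet("172.16.0.10", 51234, "203.0.113.5", 443))      # constructed inside host
    back = nat.ingress(Packet("203.0.113.5", 443, PUBLIC_IP, out.src_port))  # reply to tracked flow
    unsolicited = nat.ingress(Packet("203.0.113.9", 12345, PUBLIC_IP, 22))  # nobody inside asked
    return out, back, unsolicited
```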