[WEB4LIB] Firewalls and Web access

Andrew I. Mutch amutch at waterford.lib.mi.us
Sun Aug 11 18:41:49 EDT 2002


Bob,

Your best bet is to provide all of your vendors with the external IP
address of the firewall. The firewall itself is probably not actually
blocking the access to the databases, the databases just don't recognize
the IP address that the firewall is presenting for web access. Typically,
you wouldn't need to provide access through the firewall for each
individual resource unless your network people are restricting HTTP
traffic through the firewall on a per-site basis. Most firewalls are going
to be configured to allow all HTTP traffic through the firewall from
external sources and outbound from trusted internal computers, like your
PCs in the library.

I'm not sure what the concern is regarding IP recognition from a security
standpoint. You should be able to configure the firewall to present an
external public IP address for IP recognition. This IP doesn't actually
correspond to the IP of the firewall, it corresponds to the internal IPs
of the PCs in the network accessing the Internet. Your firewall handles
the network address translation that makes this work. The firewall itself
will normally have an internal private address that is inaccessible to
external hosts. 

If your network people can't set up an acceptable configuration to make
this happen, they should contact the firewall vendor for a solution. This
is a common need and they should be able to get your network people going
so that you have database access again.

Good luck!

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI




On Sun, 11 Aug 2002, Bob Duncan wrote:

> 
> Color me stupid, but I've just run into a situation that has me adrift in 
> brain numbness.  Any assistance would be appreciated.
> 
> Our campus network folks just installed a new firewall, and now we have 
> lost access to all our subscription resources which rely on authentication 
> via IP-address recognition.  Apparently this is because the firewall is 
> stopping most incoming traffic and its IP address is not within the range 
> of addresses we supply vendors.
> 
> Our network folks are new at firewalls, and I am only familiar with the 
> general concepts.  What are the options for restoring access to all of our 
> Web-based resources?  Supplying the firewall address to vendors seems like 
> less work than allowing inbound access for each vendor machine (which is 
> also a bit of a moving target), but neither seems terribly palatable.  Is 
> there a way that IP-address recognition can work without compromising 
> campus security?  (And is this a typical configuration for a college campus?)
> 
> Thanks,
> 
> Bob Duncan
> 
> 
> ~!~!~!~!~!~!~!~!~!~!~!~!~
> Robert E. Duncan
> Systems Librarian
> David Bishop Skillman Library
> Lafayette College
> Easton, PA  18042
> duncanr at lafayette.edu
> http://www.library.lafayette.edu/
> 
> 
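The exchange above comes down to which source address the vendor's server sees once the firewall performs network address translation. The following is an added example, not part of the original messages: a small Python model of outbound NAT and a vendor-side IP-recognition check. All addresses are constructed (RFC 5737 documentation ranges and RFC 1918 private space), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
VENDOR_REGISTERED = [ipaddress.ip_network("198.51.100.0/24")]  # range given to vendors
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")            # library PCs behind the firewall


def source_nat(src, nat_ip):
    """Return the source address a remote server sees after the firewall's NAT."""
    src = ipaddress.ip_address(src)
    if src in INTERNAL_NET:
        return ipaddress.ip_address(nat_ip)  # private source rewritten on the way out
    return src                               # already-public sources pass unchanged


def vendor_allows(seen_ip, registered):
    """Vendor-side IP recognition: is the observed source in a registered range?"""
    return any(seen_ip in net for net in registered)


def check(client_ip, nat_ip, registered=VENDOR_REGISTERED):
    """Model one outbound request; return (address the vendor sees, allowed?)."""
    seen = source_nat(client_ip, nat_ip)
    return str(seen), vendor_allows(seen, registered)


if __name__ == "__main__":
    # 1. New firewall translates to an address the vendors were never given.
    print(check("10.20.5.17", "203.0.113.9"))
    # 2. Option A: register the firewall's external NAT address with the vendor.
    updated = VENDOR_REGISTERED + [ipaddress.ip_network("203.0.113.9/32")]
    print(check("10.20.5.17", "203.0.113.9", updated))
    # 3. Option B: translate to an address inside the range already registered.
    print(check("10.20.5.17", "198.51.100.10"))
```

In both options the vendor's decision depends only on the source address of outbound requests, so neither one requires an inbound rule on the firewall.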



