Stand-alone, single-homed machine
Bastion (dual-homed machine)
- screened host
- screened subnet
- Dual-Homed: Bastion + Choke creating a Perimeter Network
- Tri-Homed: Bastion creates a separate, semi-public DMZ
A dual-homed firewall does not have routing functionality. Internal machines communicate with the firewall machine. External machines communicate with the firewall machine. Packets do not pass automatically between the two network interfaces.
Either the dual-homed host must provide proxy services for remote service access, or users must log into the firewall machine directly for remote access.
This is the definition used by Chapman and Zwicky in the 1995 edition of their book, Building Internet Firewalls.
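The "packets do not pass automatically" property can be checked on a host. The script below is an added example, not part of the original slides; it assumes a Linux dual-homed machine and the standard Linux sysctl forwarding keys, and runs against constructed sample output. Application-level proxies on the host still relay traffic, as described above; this covers only kernel packet forwarding.

```shell
#!/bin/sh
# Added example (assumes Linux sysctl key names). Reads "key = value" lines,
# as printed by `sysctl -a`, on stdin.

# Print each forwarding key whose value is non-zero. Interface names that
# contain dots appear with "/" in sysctl output, so [^.]+ matches them.
forwarding_enabled_keys() {
    awk -F' *= *' '
        $1 == "net.ipv4.ip_forward" ||
        $1 ~ /^net\.ipv[46]\.conf\.[^.]+\.forwarding$/ {
            if ($2 + 0 != 0) print $1
        }'
}

# Return 0 when nothing forwards; otherwise list the offending keys, return 1.
audit_dual_homed() {
    enabled=$(forwarding_enabled_keys)
    if [ -n "$enabled" ]; then
        printf 'FAIL: host will route between its interfaces:\n%s\n' "$enabled"
        return 1
    fi
    printf 'OK: no kernel forwarding enabled\n'
}

# Constructed samples: eth0 is the external interface, eth1 the internal one.
SAMPLE_SAFE='net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.eth0.rp_filter = 1'

SAMPLE_ROUTING='net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth1.forwarding = 1
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.eth0.rp_filter = 1'

printf '%s\n' "$SAMPLE_SAFE" | audit_dual_homed
printf '%s\n' "$SAMPLE_ROUTING" | audit_dual_homed || true
# On a real host: sysctl -a 2>/dev/null | audit_dual_homed
```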