
Architecture

last modified 14-08-2008 13:28

[Figure: Logmapfirewall, the network map of the site firewall referred to as "the above figure" in the text below]

In the text below,

  • outgoing means "from inside (e.g. ESRF or ILL or EMBL) to outside", while
  • incoming stands for the other way, and
  • the DMZ (DeMilitarized Zone) is the publicly accessible network (green area in the above figure).

 

The site's firewall system is divided into:

  • a server computer (blue box above) filtering the incoming accesses
    • named out for the internal users and firewall for the external users
    • belongs to all internal domains esrf.fr, ill.fr and embl-grenoble.fr
    • handles:
      • the E-mail traffic in both directions (now handled by two additional servers),
      • the DNS (Domain Name Service) responsibility for the site,
      • the incoming Ssh for outside users connecting to internal hosts; the Telnet access was closed in February 2003,
      • the outgoing Ftp for the cases the filtering router cannot handle properly.
    • runs the proxies of the Firewall Toolkit originally written by TIS (Trusted Information Systems, Inc.), freely available as source code on the Internet.
  • a filtering router (orange box above) handling all the outgoing traffic
    • transparent to all internal users, who can contact any remote site directly
    • blocks any incoming connection
    • supports outgoing Ssh / Ftp / Web access etc.
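The two-box split above (a screening router that lets inside hosts out but refuses inbound connections, in front of a bastion host that proxies the few inbound services) can be modelled as a small rule evaluator. The block below is an added illustration, not code from this page or from the ESRF; the addresses, the port numbers and the exact rule set are assumptions chosen to match the description, and the way a stateless router tells a reply from a new connection (the TCP ACK flag) is the classic screening-router technique, not something the page states about this router.

```python
"""Toy model of the two-box design: a screening router that passes outgoing
traffic untouched, drops inbound connection attempts to internal hosts, and
lets only the bastion's proxied services accept new connections.
Added illustration; addresses, ports and rules are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")      # assumed internal range (RFC 5737 documentation space)
BASTION = ip_address("198.51.100.10")    # assumed address of the proxy host ("out" / "firewall")
BASTION_TCP = {22, 25, 53}               # inbound SSH, SMTP and DNS-over-TCP terminate on the bastion
BASTION_UDP = {53}                       # DNS queries


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag, set on a connection attempt
    ack: bool = False   # TCP ACK flag, set on every packet of an established session


def is_new_tcp_connection(pkt: Packet) -> bool:
    """A stateless router recognises a connection attempt as SYN without ACK."""
    return pkt.proto == "tcp" and pkt.syn and not pkt.ack


def router_verdict(pkt: Packet) -> str:
    """Return 'accept' or 'drop' for the screening router (assumed rule set)."""
    src_inside = ip_address(pkt.src) in INSIDE
    dst_inside = ip_address(pkt.dst) in INSIDE

    # Outgoing: transparent, internal users reach any remote site directly.
    if src_inside and not dst_inside:
        return "accept"

    # Incoming to the bastion: new connections only to the proxied services,
    # plus replies to sessions the bastion itself opened (ACK set).
    if ip_address(pkt.dst) == BASTION:
        if pkt.proto == "tcp" and (pkt.dport in BASTION_TCP or not is_new_tcp_connection(pkt)):
            return "accept"
        if pkt.proto == "udp" and pkt.dport in BASTION_UDP:
            return "accept"
        return "drop"

    # Incoming to an internal host: no new connections, replies only.
    if dst_inside and not src_inside:
        if pkt.proto == "tcp" and not is_new_tcp_connection(pkt):
            return "accept"   # ACK set: looks like part of a session an inside host opened
        if pkt.proto == "udp" and pkt.sport == 53:
            return "accept"   # DNS answer to an inside resolver (a stateless guess)
        return "drop"

    return "drop"             # anything else (spoofed source, unexpected direction)


def active_ftp_data_connection() -> str:
    """Constructed sample: a remote FTP server opening the active-mode data
    connection from its port 20 back to an inside client's high port.  The
    stateless rule above sees an inbound SYN and drops it, which is the kind
    of case a proxy on the bastion exists to handle (my reading of the page's
    note on outgoing FTP, not a statement it makes)."""
    return router_verdict(Packet("203.0.113.5", "192.0.2.17", "tcp", 20, 40001, syn=True))


if __name__ == "__main__":
    samples = [
        ("inside -> web server", Packet("192.0.2.17", "203.0.113.5", "tcp", 40000, 80, syn=True)),
        ("reply from web server", Packet("203.0.113.5", "192.0.2.17", "tcp", 80, 40000, syn=True, ack=True)),
        ("outside -> inside ssh", Packet("203.0.113.5", "192.0.2.17", "tcp", 51000, 22, syn=True)),
        ("outside -> bastion ssh", Packet("203.0.113.5", "198.51.100.10", "tcp", 51000, 22, syn=True)),
        ("outside -> bastion 8080", Packet("203.0.113.5", "198.51.100.10", "tcp", 51000, 8080, syn=True)),
        ("active ftp data", Packet("203.0.113.5", "192.0.2.17", "tcp", 20, 40001, syn=True)),
    ]
    for label, pkt in samples:
        print(f"{label:28s} {router_verdict(pkt)}")
```

Two caveats a practitioner would add to this model: the "replies only" rule trusts the ACK flag, so any unsolicited inbound packet with ACK set (an ACK scan, for instance) passes the router and is left for the host to reject, which is the main reason stateful filters replaced this style; and the UDP rule is a guess, since a stateless filter cannot know whether a packet from port 53 answers a query the inside host actually sent.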

European Synchrotron Radiation Facility