Jump to content.

IFX Group


The IPAD-OS Firewall

True IP Address Expansion is a firewall technology developed by Phil Becker for eSoft's IPAD-OS project that allows a large network to be completely hidden by a firewall using only a single public IP address, with no special client program configuration. It allows the firewall to be completely transparent to the users protected by the firewall, and yet keeps the network completely secure from Internet hackers. True IP Address Expansion uses the best of each type of firewall architecture, then adds a few twists.

First, Network Address Translation and Port Address Translation are utilized. This allows the network protected by the firewall to use private addresses that can't be seen from the Internet. This gives a certain amount of security by itself, but it is not totally secure.

To increase security, the IPAD-OS includes a very robust stateful inspection firewall on top of the network and port address translation. This allows protected client machines to have complete sessions with the Internet, while at the same time keeping Internet hackers from being able to start sessions with the client machines.

But it doesn't stop there, the IPAD-OS's firewall also includes adaptive proxies for protocols that won't pass through a NAT firewall properly. These include protocols such as multiple session FTP, CUSeeMe and RealAudio among others.

Finally, the IPAD-OS has intelligent return route packet filtering that denies access to spoofed packets.

This makes for a completely transparent firewall from the protected network, but a completely bulletproof firewall from the Internet.

We also added the ability to enhance the standard packet filters by adding specific filters as desired. Let's take an example. Some administrators may decide they don't want their client computers to access the web at all. With the IPAD-OS, a filter can easily be put in place to deny that access. But what if you want to just slow down the web traffice to give priority to actual business traffic? The IPAD-OS firewall does that too.

For server machines that need to be completely protected except for specific server functionality, we added server passthrus. These allow a server machine to be protected by the firewall and still be accessed from the Internet. The server can have a private IP address, or it can have a public IP address (the exception to the single IP address rule mentioned under NAT above).

The end result of going the extra mile is an IPAD-OS firewall that requires zero configuration, and yet is safe. At the same time, using a simple GUI interface, the IPAD-OS firewall can be reconfigured to deny certain services, and easily allow protected access to other servers on your LAN, without compromising overall network security.

First published 2006-12-31. The last major review or update of this information was on 2011-04-07. Your feedback using the form below helps us correct errors and omissions on this page.