Date: Sat, 29 Mar 1997 08:41:05 -0100
From: Darius Moos <moos@webmore.com>
To: "Jeffrey J. Mountin" <sysop@mixcom.com>
Cc: questions@freebsd.org, nadav@barcode.co.il
Subject: Re: [Q] newsproxy for fetching news behind firewall
Message-ID: <3.0.32.19970329083952.006bbe14@cyclone.degnet.baynet.de>

Yes you both are right. The plug-gw from fwtk would do the job, but the
firewall is hiding an office-network and blocking direct inside to
outside (internet) traffic. Therefore no machine on the inside-network
is allowed to make direct connections to the internet. A news-server on
the firewall-machine would do the trick but this is no option.

What I need is something like a news-proxying-only application, that
runs on the firewall-machine and accepts connections from the
inside-network and then fetches the groups or articles, requested by
the user from some newsserver on the internet. The users on the
inside-network should never have direct connections on any port to the
internet.

Any hints?

Darius Moos.

At 12:21 28.03.97 -0600, you wrote:
>At 11:06 AM 3/28/97 +0300, Nadav Eiron wrote:
>>On Thu, 27 Mar 1997, Darius Moos wrote:
>>> does anybody know of an application that works as a newsproxy on the
>>> nntp-port. I need this for reading news behind a firewall (no local
>>> newsserver).
>>>
>>> Thanks in advance.
>>>
>>> Darius Moos
>>>
>>I don't have a specific news proxy, but plug-gw from the TIS fwtk
>>(which I believe is available in the ports) can do that. Simply "plug" a
>>port on the inside of your firewall to the nntp port on your news server.
>
>We use only smap, customized at that, but have to wonder if it is a long
>running daemon or under inetd. This should not be all that relevant, as he
>is behind the firewall, but something to be noted for the performance hit.
>
>This should be handled at the firewall, either finding out the port that
>NNTP (119) translates to, or somehow allowing it.
>
>I'll bet the last is not an option if this is an office environment and I'll
>bet that plug-gw will not help.
>
>'Fraid to say I usually deal with poorly done firewalls from the outside
>and don't care to compromise my systems for someone else's botched job.
>
>Commonly I've seen udp port 53 blocked, so inverse fails and people behind
>the firewall cannot pop, telnet, or ftp.
>
>Security can indeed be too good. 8-)
>
>
>-------------------------------------------
>Jeff Mountin - System/Network Administrator
>jeff@mixcom.net
>
>MIX Communications
>Serving the Internet since 1990
>
>