From owner-freebsd-questions Fri Mar 28 23:42:59 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA14942 for questions-outgoing; Fri, 28 Mar 1997 23:42:59 -0800 (PST)
Received: from cyclone.degnet.baynet.de (root@cyclone.degnet.baynet.de [194.95.214.129]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA14937 for ; Fri, 28 Mar 1997 23:42:55 -0800 (PST)
Received: from na (ppp4 [194.95.214.134]) by cyclone.degnet.baynet.de (8.6.12/8.6.9) with SMTP id JAA15806; Sat, 29 Mar 1997 09:43:41 +0100
Message-Id: <3.0.32.19970329083952.006bbe14@cyclone.degnet.baynet.de>
X-Sender: moos@cyclone.degnet.baynet.de
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sat, 29 Mar 1997 08:41:05 -0100
To: "Jeffrey J. Mountin"
From: Darius Moos
Subject: Re: [Q] newsproxy for fetching news behind firewall
Cc: questions@freebsd.org, nadav@barcode.co.il
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Yes you both are right. The plug-gw from fwtk would do the job, but
the firewall is hiding an office-network and blocking direct inside to
outside (internet) traffic. Therefore no machine on the inside-network
is allowed to make direct connections to the internet. A news-server on
the firewall-machine would do the trick but this is no option.

What I need is something like a news-proxying-only application that
runs on the firewall-machine and accepts connections from the
inside-network and then fetches the groups or articles requested by the
user from some newsserver on the internet. The users on the
inside-network should never have direct connections on any port to the
internet.

Any hints?

Darius Moos.

At 12:21 28.03.97 -0600, you wrote:
>At 11:06 AM 3/28/97 +0300, Nadav Eiron wrote:
>>On Thu, 27 Mar 1997, Darius Moos wrote:
>>> does anybody know of an application that works as a newsproxy on the
>>> nntp-port. I need this for reading news behind a firewall (no local
>>> newsserver).
>>>
>>> Thanks in advance.
>>>
>>> Darius Moos
>>>
>>I don't have a specific news proxy, but plug-gw from the TIS fwtk
>>(which I believe is available in the ports) can do that. Simply "plug" a
>>port on the inside of your firewall to the nntp port on your news server.
>
>We use only smap, customized at that, but have to wonder if it is a long
>running daemon or under inetd. This should not be all that relevant, as he
>is behind the firewall, but something to be noted for the performance hit.
>
>This should be handled at the firewall, either finding out the port that
>NNTP (119) translates to, or somehow allowing it.
>
>I'll bet the last is not an option if this is an office environment and I'll
>bet that plug-gw will not help.
>
>'Fraid to say I usually deal with poorly done firewalls from the outside
>and don't care to compromise my systems for someone else's botched job.
>
>Commonly I've seen udp port 53 blocked, so inverse fails and people behind
>the firewall cannot pop, telnet, or ftp.
>
>Security can indeed be too good. 8-)
>
>
>-------------------------------------------
>Jeff Mountin - System/Network Administrator
>jeff@mixcom.net
>
>MIX Communications
>Serving the Internet since 1990
>
>
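
An added illustration of the NNTP-only proxy asked for in the message above (not part of the original thread and not code from fwtk): a relay on the firewall host that accepts only inside-network clients and forwards only reader commands to one outside news server. The addresses, the upstream host name and the command allow-list are assumptions chosen for the sketch.

```python
import asyncio
import ipaddress

# Assumed values for illustration; none come from the original message.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # office LAN
LISTEN = ("192.168.1.1", 119)                        # firewall's inside interface
UPSTREAM = ("news.example.net", 119)                 # outside news server

# Reader commands only (RFC 977 plus XOVER); POST, IHAVE etc. are refused.
ALLOWED = {"ARTICLE", "HEAD", "BODY", "STAT", "GROUP", "LIST", "NEWGROUPS",
           "NEWNEWS", "NEXT", "LAST", "HELP", "MODE", "XOVER", "QUIT"}

def client_allowed(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INSIDE_NET

def command_allowed(line: bytes) -> bool:
    words = line.decode("latin-1").split()
    return bool(words) and words[0].upper() in ALLOWED

async def pump(reader, writer):  # copy server replies to the client unchanged
    while data := await reader.read(4096):
        writer.write(data)
        await writer.drain()
    writer.close()

async def handle(c_reader, c_writer):
    peer = c_writer.get_extra_info("peername")[0]
    if not client_allowed(peer):          # only the inside network may connect
        c_writer.close()
        return
    s_reader, s_writer = await asyncio.open_connection(*UPSTREAM)
    down = asyncio.create_task(pump(s_reader, c_writer))
    try:
        while line := await c_reader.readline():
            ok = command_allowed(line)    # inspect each client command line
            out, data = (s_writer, line) if ok else (
                c_writer, b"500 command not permitted by proxy\r\n")
            out.write(data)
            await out.drain()
    finally:
        down.cancel()
        s_writer.close()
        c_writer.close()

async def main():
    async with await asyncio.start_server(handle, *LISTEN) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Unlike a generic TCP plug, this relay looks at each command line, so the inside clients reach nothing but the reading side of the one configured news server.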