Date: Sat, 1 Apr 2000 20:08:28 -0800
From: Andre Gironda <andre@sun4c.net>
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Nate Williams <nate@yogotech.com>, Andre Gironda <andre@sun4c.net>, Jim Durham <durham@w2xo.pgh.pa.us>, freebsd-security@FreeBSD.ORG
Subject: Re: FTP with firewall rules
Message-ID: <20000401200828.B319@toaster.sun4c.net>
In-Reply-To: <Pine.BSF.4.10.10004011657120.71006-100000@bsdie.rwsystems.net>; from James Wyatt on Sat, Apr 01, 2000 at 05:02:17PM -0600
References: <200004011856.LAA04865@nomad.yogotech.com> <Pine.BSF.4.10.10004011657120.71006-100000@bsdie.rwsystems.net>

Yes, that's exactly it. Piercing firewalls is not always as simple as
passive vs active ftp.

Proxies are a great idea in most cases, although I think they're a bit
restrictive. But then again, do you really want people using programs
like httptunnel and creating a potential security problem? Have you seen
http://www.detached.net/mailtunnel.html ? Guess that means that UUCP
mail through a dial up connection isn't really that bad of an idea.

Controlling what data is *really* going through your network is more
complex than you think. Especially in this day and age.

dre

On Sat, Apr 01, 2000 at 05:02:17PM -0600, James Wyatt wrote:
> On Sat, 1 Apr 2000, Nate Williams wrote:
> > > export/setenv http_proxy!
> >
> > Huh?
> >
> > > of course, you have to find all of the distfiles manually, since only
> > > about 4% of them have an http site to download the source from.
> >
> > That's irrelevant. You can still download *ALL* of them via
> > passive-mode ftp. I have yet to find a site that didn't let me download
> > with ftp in passive mode, so if you are *truly* interested in security,
> > then you certainly don't want to open up so people can use active-mode
> > ftp from behind your firewall.
>
> Andre said his was a special case and that "it works though, but i doubt
> it's what you are looking for. i had to do this behind a firewall/proxy
> architecture that did not allow ftp."
>
> I took it to mean "*he* *has* to use HTTP to fetch because his firewall
> doesn't support *any* ftp" and that if there is some problem with active
> FTP it might still work. - Jy@

--
This program has been brought to you by the language C and the number F.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
