Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 09 Jan 2002 02:11:11 +0100
From:      Julian Stacey <jhs@jhs.muc.de>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        hackers@freebsd.org
Subject:   Re: Which ftpd for proxy ? 
Message-ID:  <200201090111.g091BBn49734@jhs.muc.de>
In-Reply-To: Message from Terry Lambert <tlambert2@mindspring.com>  of "Tue, 08 Jan 2002 19:59:17 %2B0100." <3C3B4185.517C8BC7@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Terry Lambert wrote:
> Julian Stacey wrote:
> > Hi all,
> > Any reccomendations what to install (or avoid) on my firewall,
> > from 4.4 /usr/ports/ftp/ to be a proxy ftpd server ?
> 
> man libalias
> 
> Then install natd.

I don't believe that's the solution I'm looking for.  I may be
wrong, or things may have changed, but when I built my firewall a
few years back I was under the strong impression that NAT was a
poor man's cheap & dirty insecure replacement for a proper firewall ?

I don't want to secure all my internal hosts, I just want the gate
to be secure.  I went to the effort of doing the thing right,
building all the ipfw rules, getting internal & external named
roughly right, getting sendmails on gate & internals to forward
(OK, incoming is OK, but I admit outgoing is not yet right), getting
apache reconfig'd to support proxying (it didnt used to, might now
by default, can't remember), ftp proxy is about the last thing.
I'm not be convinced it'd be worth tossing all that work & putting
in a NATD security loophole ?

I suppose folks on security@freebsd.org might know more about
ipfw + proxies V. NAT,
but I wasnt really asking to discuss that,
I was asking for reccomendations on proxying ftpd's.

Julian
J.Stacey	Munich Unix (FreeBSD, Linux etc) Independent Consultant
 Reduce costs to secure jobs: Use free software: http://bim.bsn.com/~jhs/free/
 Ihr Rauchen = mein allergischer Kopfschmerz !  Schnupftabak probieren !

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201090111.g091BBn49734>