From owner-freebsd-security  Mon Dec 18  7:29:27 2000
From owner-freebsd-security@FreeBSD.ORG  Mon Dec 18 07:29:25 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from wormhole.bluestar.net (wormhole.bluestar.net [208.53.1.61])
	by hub.freebsd.org (Postfix) with ESMTP id 1E98237B400
	for <freebsd-security@freebsd.org>; Mon, 18 Dec 2000 07:29:25 -0800 (PST)
Received: from planetwe.com (admin.planetwe.com [64.182.69.146])
	by wormhole.bluestar.net (8.10.1/8.10.1) with ESMTP id eBIFTCQ25743;
	Mon, 18 Dec 2000 09:29:12 -0600 (CST)
Message-ID: <3A3E2D48.8030207@planetwe.com>
Date: Mon, 18 Dec 2000 09:29:12 -0600
From: Drew Sanford <drew@planetwe.com>
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.12 i386; en-GB; m18) Gecko/20001107 Netscape6/6.0
X-Accept-Language: en
MIME-Version: 1.0
To: Peter Ross <petros@pps.de>
Cc: freebsd-security@freebsd.org
Subject: Re: FTP and firewall
References: <200012181431.PAA16565@jung9.pps.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Peter Ross wrote:

> I see five different ways to solve the FTP firewall problem:
> 
> 1. external FTP server and mirror through the firewall
>    Problem: We need the server always up to date,
>    data more then 5 minutes old are not acceptable,
>    also inacceptable are corrupted files (e.g. for files which created by
>    internal processes while the mirror process works)
>    Can I use cpdup (ports collection)?

I speak typo - I assume you mean cvsup. The answer is yes you can. Just 
cron the update process on the inside mirror and cvsupd on the ftp box.

> 2. external FTP proxy server with access to a internal server
>    Problem: which proxy should I use?
> 3. external FTP server with NFS access trough the firewall
>    Problem: NFS and security
> 4. firewall with FTP server and NFS access to the company network
>    Problem: see above,
>             a firewall shouldn't running daemons with public access
> 5. 3. or 4. with a more secure network file system (e.g. Coda ?)
> 
-- 
Drew Sanford
Systems Administrator
Planetwe.com
Email: drew@planetwe.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message