Re: FTP Proxy on FW-1 ????

youngkttc.com
Fri, 2 Apr 1999 01:06:50 -0500

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Antonomasia: "Re: OK, I've been hacked, now what?"
• Previous message: Chris Brenton: "Re: Router management with FW-1"
• In reply to: Sandy Green: "Router management with FW-1"

> I am installing a Firewall-1 (3.0). I want it to be a ftp- and http-proxy
> rather then configuring it as a gateway.
> I have managed to get it configured as a http-proxy (security server and
> resource) and it's available for my clients. But I can't
> think of a way to do a ftp-proxy.

I have used the FWTK ftp-gw proxy running on a FW-1 box to do this same
thing.

If you want people only to use the proxy FTP, allow Internal_Net to connect
only to the firewall host, then use a secure inetd to spawn the ftp-gw. Use
netperm-table rules to define where clients can ftp to.

Otherwise, just allow Internal_Net to connect to Any & !Internal_Net for
non-proxy connections. Configure ftp-gw as mentioned above for proxy
connections.

You can also upgrade to FW-1 4.0 and use its http security server for FTP
connections, but knowing Checkpoint's track record for buggy code, I can't
imagine that it works very well.

If you need help with ftp-gw, post your message to either this mailing list
or to FWTK-users. I'm sure that most people on this list have either run
the FWTK or even some who have written major sections of its code :-).

Cheers,

--Keith

-youngkttc.com

• Next message: Antonomasia: "Re: OK, I've been hacked, now what?"
• Previous message: Chris Brenton: "Re: Router management with FW-1"
• In reply to: Sandy Green: "Router management with FW-1"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:22 CDT