We are making a transition from a uucp/cnews based news system to
nntp with INN. We live behind a firewall with a socks proxy server.
We've talked about a couple of possible configurations:

1: News machine lives on firewall.

 _____________           ______                        _____________
| news server |<-NNTP-->| news |<--------NNTP-------->| news client |
 ----+--------           ---+--                        ---+---------
     |                  ____|_____                   _____|___
     |       ____      /          \      ____       /         \
     |      |    |    /            \    |    |     /           \
internet ---| RA |---<   DMZ net    >---| RB |----< internal net>
            |____|    \            /    |    |     \           /
                       \__________/      ----       \_________/

2: News machine lives on internal net:

 _____________           __________                    _____________
| news server |<-NNTP-->| socks gw |<----NNTP-------->| news server |<-nntp
 ----+--------           ---+------                    ---+---------     |
     |                  ____|_____                   _____|___           |
     |       ____      /          \      ____       /         \        __v____
     |      |    |    /            \    |    |     /           \      |       |
internet ---| RA |---<   DMZ net    >---| RB |----< internal net>-----|news   |
            |    |    \            /    |    |     \           /      |client |
             ----      \__________/      ----       \_________/       |_______|

The first setup uses unmodified inn software running on the
firewall, perhaps in a chroot'ed environment. This is easier to
configure, but violates the prohibition against running complex
software on the firewall. More work goes into modifying inn to work
with the socks proxy stuff in setup 2, but it seems cleaner. My
questions are these:
1: How insecure is the inn software?
2: In light of the answer to the previous question, where should
we run this puppy, if at all? Inside? Outside?
3: Has anyone done this??
Thanks for your time and attention.
--
Howard Owen, Sys Admin                   internet: hbo @ octel . com
Octel Communications Corporation         BITNET: HBO @ VOODOO . BITNET
890 Tasman Dr MS 05-04 Milpitas CA 95035 DECNET Internet: 45180::HBO
"I am not a pay TV service!"             Telephone: 408-321-6576 (work)