On Thursday, August 21, 1997 11:41 AM, Brynjar Hauksson[SMTP:brh @ nervus . is] wrote:
> I'm setting up a Socks firewall on a Red Hat linux 2.1 and I'd like to have
> another linux box outside the Firewall as a web and a mail server. The
> problem is that M$Outlook / eudora does not support socks, so the users
> would have a hard time getting their mail (since most of them don't even
> dare to use telnet and must use some idiot proof software like M$ outlook)
>
> The reason I use linux/socks is because it is the cheapest solution I
> know of.
>
> How can I allow them to go through the firewall without compromising
> security?

Set up the clients with a socksified stack (either sockscap from
www.socks.nec.com or winsock32.dll from www.hummingbird.com) and have the
Outlook/Eudora clients go through the SOCKS server on port 110 to fetch
POP3 from the Linux box, and port 25 to send SMTP mail to the Linux
sendmail.

One thing I should point out to you is that Linux web/mail server is kind
of sitting out there unprotected. Better you put that machine behind the
SOCKS Firewall with your internal clients (and that way they don't have to
be socksified), and proxy web and mail traffic from the outside using
http-gw (from the outside -> in) and smap from TIS. Although this leaves
your web server sitting as a potential launching point for an attack on
your internal network if it ever got compromised through port 80.

An even better solution is to buy an extra adapter for the Firewall and set
up a DMZ to put that Linux web/mail server on, using ipfwadm for basic
filtering and the http and mail proxies from TIS fwtk (while still using
SOCKS for circuit-level gatewaying out).

--
Gene Lee
genel @ inforamp . net
genelee @ ca . ibm . com
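
Added example, not part of the original message: what a socksified mail client sends to the SOCKS server, and how a circuit-level gateway can limit relayed connections to POP3 (110) and SMTP (25) on the outside mail host. It assumes SOCKS version 4 framing; the address 192.0.2.25, the user id and the allow-list are constructed for illustration.

```python
import ipaddress
import struct

# Assumed policy (constructed): the only circuits the SOCKS server relays
# to the outside mail host are POP3 (110) and SMTP (25).
MAIL_HOST = "192.0.2.25"          # constructed documentation address
ALLOWED = {(MAIL_HOST, 110), (MAIL_HOST, 25)}

def build_connect(dst_ip, dst_port, userid=b""):
    """Client side: SOCKS4 CONNECT = VN(4) CD(1) DSTPORT DSTIP USERID NUL."""
    return struct.pack("!BBH4s", 4, 1, dst_port,
                       ipaddress.IPv4Address(dst_ip).packed) + userid + b"\x00"

def parse_connect(data):
    """Server side: return (ip, port, userid) or raise ValueError."""
    if len(data) < 9:
        raise ValueError("short request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if vn != 4 or cd != 1:
        raise ValueError("not a SOCKS4 CONNECT")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("unterminated USERID")
    return str(ipaddress.IPv4Address(raw_ip)), port, data[8:end]

def server_reply(data):
    """Return the 8-byte SOCKS4 reply: CD 90 = granted, 91 = rejected."""
    try:
        ip, port, _ = parse_connect(data)
        code = 90 if (ip, port) in ALLOWED else 91
    except ValueError:
        # Malformed or non-SOCKS4 input is rejected, never relayed.
        ip, port, code = "0.0.0.0", 0, 91
    return struct.pack("!BBH4s", 0, code, port,
                       ipaddress.IPv4Address(ip).packed)

if __name__ == "__main__":
    for port in (110, 25, 23):     # POP3, SMTP, and telnet (not on the list)
        req = build_connect(MAIL_HOST, port, b"mailuser")
        print(port, req.hex(), "->", server_reply(req).hex())
```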