Great Circle Associates Firewalls
(February 1993)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: proxy software? itelnet/iftp? packet screens? X?
From: Ian Dunkin <imd1707 @ ggr . co . uk>
Date: 10 Feb 93 17:41:00 GMT
To: firewalls @ GreatCircle . COM

Coming anew to this list because I'm exploring options for a firewall,
I've just read through all the archived back discussions, which, now I
can focus again, have helped a lot.  But, let me risk a few questions?

Proxy gateways: I understand their limitations, but I may well have to
think in these terms.  I read about proxy software as part of the
firewall `packages' from Raptor, ANS (Interlock), and DEC (SEAL), as
well as SUN's itelnet/iftp software, and I'm looking at these.  Any
others?  I was amazed that there doesn't seem to be *any* non-commercial
(ie, freely available) proxy software.  Is this the case?  This might be
more telling when thinking of services beyond the basic telnet and ftp:
I noticed wais and gopher being talked about..

I have SUN's two-sheet flyer describing SUN's `Consult-Igateway'
(itelnet/iftp) and it sounds as if at some contributors to Firewalls are
using it?

  Presumably for a *standard* ftp client to use the in.ftp-gw server, it
  would have to connect to a new port number and use a QUOTE command  to
  specify  a  remote  host.   How  would  a  standard  telnet client use
  in.telnet-gw??  I can see how it could connect to a new  port  number,
  but then what: does in.telnet-gw start a dialogue?

  How  usable  is it, generally, if you're not using the special clients
  (which would probably be most often)?

  How flexibly can it be configured?

  Does  one  get  (usable)  source  for the servers?  (I'm thinking here
  about the possibility of reusing it to support other protocols..)

  Is anyone using the in.ftp-gw/in.telnet-gw to handle *incoming* calls?
  -- could one plumb in a stage of authentication, perhaps?

While we're on SUNs: I can see how Ultrix's screend or Irix's ipfilterd
provide a simple way to have a selective veto of packets matching
defined criteria.  Is there a similar mechanism available on SunOS?  The
`nit' would seem to provide a mechanism for achieving the same thing,
but..

Isn't running X across a firewall always going to be a contradiction in
terms?

   Enough for now.  Thanks for any thoughts..

      I.


Indexed By Date Previous: Re: bogus email
From: Rahul Dhesi <dhesi @ rahul . net>
Next: Logging packets dropped by a filter
From: mischler @ Cubic . COM (Dave Mischler)
Indexed By Thread Previous: Ident server
From: rjq @ phys . ksu . edu (Rob Quinn)
Next: Re: proxy software? itelnet/iftp? packet screens? X?
From: jonl @ hal . com (frederick smythe, esquire)

Google
 
Search Internet Search www.greatcircle.com