Does anyone here use the ftp-gw s/w in the TIS firewall toolkit ?
I'm interested in knowing how to get it to deny being used as a
proxy agent for reaching internal hosts (for which it only knows
an IP#) whilst allowing internal hosts to use it as a proxy and
everyone to use it as an anonymous ftp server itself.
(Is this too much to expect from it ??)
It seems to behave fine as a proxy server going out, but it doesn't
seem to like things like this:
ftp-gw: hosts -dest !10.*
in the netperm file. (Using !*.foo.bar is fine).
Does anyone have a sample set of netperm entries they could share
showing how to achieve it properly ? I'm very worried that if
someone does "ftp @
51" the ftp-gw s/w will allow that through...
even if you only have "-dest !*.foo.bar" in your netperm file!
(Although "ftp @
bar" is blocked).
I'm using version 1.1...what have I done wrong ? This just doesn't
make sense to me :/