1. I hate to propose running large complicated daemons on your
firewall ... but if you have an "external" machine, on the
"outside" of the firewall, dedicated to just doing "services"
and then you put the wu-ftpd -- then you can use their
guest-account features to give users access without login access.
2. Or -- an internal FTP site that automatically mirrors to some
similar external machine? (where is that mirror.pl software
anyway? or some application level NFS-type thing? or proxyFTP
to it? or ... <exercise left to the reader> :)
I'd done #1 before -- that "public" machine ran the ftp daemon
(chrooted) and a web server (chrooted) ... and that machine
was marked as untrusted with no production email or proxy
traffic flying through (impossible anyway because there was
no internal connection)
- joe
>
> I recently attended Brent Chapman's Firewalls tutorial and found it very
> enlightening. He sort of touched the subject of Anonymous ftp service.
> The most important thing I got from his seminar is to have no user accounts
> on the bastion host. How can I give specific inside users access to place
> files up on the ftp server without giving them an account? How does the rest
> of the world out there run their anonymous ftp site? What are the policies
> of anonymous ftp providers normally? What should I worry about in terms of
> security? Any help would be appreciated ( as long as someone can tell me
> where to go look if this is not the right place. )
>
> Thanks
>
> Martin Burke
> burkema @ ampex . com
>