> > While this is a nice thing to do ... why would anyone ever have had to
> > have an account on the proxy host? You don't need one to use tn-gw and
> > ftp-gw! Get those accounts off the proxy host - they're diminishing
> > your security!
>
> Well that's a question lots of ppl are probably asking because you got a
> little snip happy and cut out the following section of the orig. email I
> was responding to in which someone suggested telnetting to the firewall
> (thus req. an acct./login-passwd) and then telnetting from the firewall
> out... shame on you.
>
> > I haven't looked at your configuration, because you can't do either of
> > these things using the TIS FWTK. In both cases, you must connect to
> > the firewall bastion host (using 'telnet' or 'ftp', or your commercial
> > product that uses those products), and from their connect out to the
> > Internet host that you want to reach.

That was me. YES, telnet to the bastion host. NO, you don't need an
account and password. You should be running tn-gw on the firewall, not
the telnetd! The tn-gw accepts you from the inside, if your IP address
has permission to telnet out, and filters your session to the outside
world. Same with ftp-gw.

I must have been tired ... I entered "from their" instead of "from
there". And spell-check didn't even catch it. ;-) Oh for the Writers
WorkBench (WWB) of yore.

OBTW, where I came from PPL was the Polymorphic Programming Language.
;-)

--
Joe Yao jsdy @ cospo . osis . gov - Joseph S. D. Yao
COSPO Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.