Hello,
On Aug 27, Francesc Guasch wrote
> I'm thinking about protecting it and its internal network
> with a linux. There will be a firewall, proxying the
> internal querys (www, etc) to the internet.
You will protect the Server, but not you internal Network. Since an Software
Error on the WWW-Server will expose your complete internal network to the
Hacker.
> The problem is that the nt holds cgi's written in visual
> basic. My intention is masquerading the network and
> adding rules in the linux box for letting access to
> the nt web server inside.
Why do you want to masquerade the Server?
> internet ---- fw ------- internal net masqueraded
> nt web server masqueraded
>
> Is that possible ?
Yes, but with Linux you can't do static NAT (at Least not with the stable
Kernel). Therefore you will have to use a TCP-Proxy or
> Another idea is configure squid listening in the port 80
> of the firewall and passing the requests to the nt server
> inside. What about this ?
Usinf Squid as a WEB Enhancer, which is a rather good Solution for
Performance, but not the mostz secure. Using http-proxy from TIS Toolkit
would be a rather secure thing. netcat or tproxyd can be used to Map Port 80
on the Firewall to Port 80 on the NT Server, too.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels @
Wittumstrasse13 .
76646Bruchsal .
de --
( .. ) ecki @
{inka .
de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes @
irc +4972573817 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
References:
-
hybrid fw
From: Francesc Guasch <frankie @
citel .
upc .
es>
|
|
