Re: Proxy Firewalls (was FWTK vs T.REX)

[ark () eltex ru]

nuqneH,

speaking for OpenFWTK..

On Thu, Jan 30, 2003 at 11:47:21AM -0500, Marcus J. Ranum wrote:
> I think FWTK is pretty obsolete.
>
> For the various components of the package, there are better
> "best of breed" implementations you can use; the only thing
> you lose is common configuration.

Statistics, monitoring, QoS control, granular protocol inspection,
content filtering and more..

> FWTK                          I use now
> ftp-gw                                FTP w/pasv origin only, squid for readonly

still looking for suitable replacement, will probably rewrite

> tn-gw                         ssh

bad luck, ssh-gw is neverending project and still does not work properly :(
but it will someday. At least it is not shell, it is proxy.

> http-gw                       squid, chrooted on a separate box

what about html filtering? squid-gw is the way.

> authentication                        ssh

there are many things to do..

> smap                          postfix

smtpd/smtpfwdd modified to read smap-style configuration

> plug-gw                       ssltunnel, plug-gw

sslified plug-gw

> dns                           bind, chrooted (finally)

dnscache and dnsctl - a tiny program that exports netperm-table
configuration to dnscache.

pop3, nntp, cvs, rsh, lpd, tds etc proxies?

-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards