RE: Start up scripts
I do not use all of these. :-) BTW the second number listed is the use
count. As you see only ftp is in use now. But some of my users have used
vdolive and of course irc. Also we wanted to try cuseeme.
Anyway, I don't think restricting ftp to passive is a good idea. While I
agree that it is for security reasons it certainly is not for user
friendliness. There's more to ftp than using a browser to access some
files. There are quite some programs, libraries and scripts that use
ftp. And not all are configurable.
I think we shouldn't act as if we were on an island. We will get users
who ask for these services and I prefer a firewall that has been
constructed with these in mind.
Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH
email@example.com | Europark A2, Adenauerstr. 20
firstname.lastname@example.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
> -----Original Message-----
> From: Henry Hollenberg [SMTP:email@example.com]
> Sent: Thursday, March 05, 1998 3:23 PM
> To: Meskes, Michael
> Subject: RE: Start up scripts
> > ip_masq_vdolive 1 0
> > ip_masq_quake 1 0
> > ip_masq_ftp 1 2
> > ip_masq_raudio 1 0
> > ip_masq_irc 1 0
> > ip_masq_cuseeme 1 0
> > You could get rid of them if you don't want to allow the program to
> > be used or add a proxy for it.
> I was planning on using passive ftp clients and allowing this in and
> with IP filters....seemed like a lot less hassle and the browsers
> (Netscape) support this already.
> Now the others, boy, you're having some fun....I imagine when I get this
> firewall done, you and I are going to have to talk! :-). That sounds
> some neat stuff to try out.
> But, for now, I think I must be more conservative....I've got this
> Corporation and Hospital that aren't going to be real sympathetic with
> need to do irc, etc.... (I know it's important, but it's tough to
> them sometimes....do you guys have to reuse your styrofoam coffee
> cups....just wondering....:-)
> I guess when that time comes I'd be more inclined to proxy those
> I'd really like to follow the book for now and keep the kernel
> non-modulated if at all possible.
> Later on we ought to be able to tinker with variations on the
> specification and start the most valuable phase of the project in my
> opinion....accruing stats on exploits to "standard" firewall setups.
> information ought to be very valuable. But first you've got to have a
> standard that data can be collected on so we can compare apples to