RE: Start up scripts
FTP-Proxy suffers from the same problems as passive mode sometimes. Also
where do you get that proxy software?
What's the exact risk we take with using a module?
Michael
--
Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH
meskes@topsystem.de | Europark A2, Adenauerstr. 20
meskes@debian.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
> -----Original Message-----
> From: Henry Hollenberg [SMTP:speed@barney.iamerica.net]
> Sent: Thursday, March 05, 1998 4:02 PM
> To: Meskes, Michael
> Subject: RE: Start up scripts
>
>
>
> Henry Hollenberg speed@barney.iamerica.net
>
> Yes, I see your point, I guess I'm the most vocal user at this point
> on
> this site (since I'm paying for the connection! :-)), but this needs
> to
> work well for many if it's to have any value....we need some numbers
> of
> people beating on the architecture to validate it, not just me.
>
> Do you think we could get away with proxying these and maintain a
> "non-modultated" kernel? Perhaps have an option in the install script
> to
> branch to "modultated" or "non-modultated" with perhaps a brief note
> about
> what's being given up and gained.
>
> Oh yeah, I expect my site to grow into a heavily used site soon....so
> I'll
> probably need to get with the program as far as the new whiz bang
> protocols are concerned.
>
> On Thu, 5 Mar 1998, Meskes, Michael wrote:
>
> > I do not use these all. :-) BTW the second number listed is the use
> > count. As you see only ftp is in use now. But some of my users have
> used
> > vdolive and of course irc . Also we wanted to try cuseeme.
> >
> > Anyway, I don't think restricting ftp to passive is a good idea.
> While I
> > agree that it is for security reasons it certainly is not for user
> > friendlyness. There's more to ftp than using a browser to access
> some
> > files. There are quite some programs, libraries and scripts that use
> > ftp. And not all are configurable.
> >
> > I think we shouldn't act as if we were on an island. We will get
> users
> > who ask for these services and I prefer a firewall that has been
> > constructed with these in mind.
> >
> > Michael
> >
> > > > ip_masq_quake 1 0
> > > > ip_masq_ftp 1 2
> > > > ip_masq_raudio 1 0
> > > > ip_masq_irc 1 0
> > > > ip_masq_cuseeme 1 0
> > > >
> > > > You could get rid of them if you don't waynt to allow the the
> > > program to
> > > > be used or add a proxy for it.
>
>
> --
> E-mail the word "unsubscribe" to
> debian-firewall-request@lists.debian.org
> TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to
> listmaster@debian.org .
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to listmaster@debian.org .
Reply to: