Re: How do you proxy?
> On Fri, 18 May 2001, Robert Davies wrote:
>
> >Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
> >which was a good solution.
> I don't agree... Didn't you find any trouble in merging active/passive
> mode...? It seems to me the best you can do with ipchains means to allow
> all ports 1024: <-> 1024: to talk each other and setting special DENY to
> unused services... it sounds not so good to me.
Hey do you normally extract and post small parts of answers sent to you
privately onto a large mailing list?
You've annoyed me as anyone reading the full answer sent to you will see
that I didn't want to go into details about the ftp side. At the time, and
for the limited purposes I needed, it was a good solution in that network.
With the kit involved I was only able to block the privileged ports, not any
others, and passive ftp only was fine. It might not meet your requirements,
but I wasn't pushing you in that direction, please note my use of the past
tense.
How would you like one sentence of yours, sent privately taken out of
context and published on a mailing list?
>> What's the best for you,
>> socks, tis or squid?
>>
>> I'd like to proxy ftp, telnet, http, with a cache too, if I can...
>squid was great for serving as web proxy, my problems with it were handling
>the logs, and it using more disk space than assigned to it, due to it using
>sum of file lengths, rather than blocks allocated.
>On telnet, maybe you'ld like to find the 'Piercing Firewalls HOWTO'? There
>are other reasons why it's inadequate for todays net, and ssh is to be
preferred.
>Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
>which was a good solution.
If more ppl do this, I think you will make ppl hesitant to share the benefit
of their experiences with you, so I suggest you take more care in future.
Thanks Rob
Reply to: