[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do you proxy?

> On Fri, 18 May 2001, Robert Davies wrote:
> >Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
> >which was a good solution.

>  I don't agree... Didn't you find any trouble in merging active/passive
> mode...? It seems to me the best you can do with ipchains means to allow
> all ports 1024: <-> 1024: to talk each other and setting special DENY to
> unused services... it sounds not so good to me.

Hey do you normally extract and post small parts of answers sent to you
privately onto a large mailing list?

You've annoyed me as anyone reading the full answer sent to you will see
that I didn't want to go into details about the ftp side.  At the time, and
for the limited purposes I needed, it was a good solution in that network.
With the kit involved I was only able to block the privileged ports, not any
others, and passive ftp only was fine.  It might not meet your requirements,
but I wasn't pushing you in that direction, please note my use of the past

How would you like one sentence of yours, sent privately taken out of
context and published on a mailing list?

>> What's the best for you,
>>          socks, tis or squid?
>> I'd like to proxy ftp, telnet, http, with a cache too, if I can...

>squid was great for serving as web proxy, my problems with it were handling
>the logs, and it using more disk space than assigned to it, due to it using
>sum of file lengths, rather than blocks allocated.

>On telnet, maybe you'ld like to find the 'Piercing Firewalls HOWTO'?  There
>are other reasons why it's inadequate for todays net, and ssh is to be

>Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
>which was a good solution.

If more ppl do this, I think you will make ppl hesitant to share the benefit
of their experiences with you, so I suggest you take more care in future.

Thanks Rob

Reply to: