
Re: question about proxy firewall



On Thu, Sep 25, 2003 at 04:02:01PM +0300, Haim Ashkenazi wrote:
> I've read an article about FreeBSD which made me read some parts of the
> FreeBSD documentation. In the firewall section there is a short description
> about proxy firewalls. I've done some more searching and found a "free"
> product called "TIS" which provides this functionality (which I thought was
> only available in costly commercial products like checkpoint). A little
> more searching got me to products available for Linux (like dante), but in
> their documentation I've read that it is used mainly for outgoing traffic.
> 
> I know very little about this subject, so I was wondering, is there a
> product for Linux that provides some more security for incoming traffic
> (instead of just sophisticated filtering)?

The point of a protocol-proxy is that you want to provide services to
the outside world, but you don't trust your server software to be robust
against protocol-level attacks (buffer overflows, primarily). Since one
of the points of Debian is to fix bugs in software, that's not
particularly a direction that's interested anyone recently.

However, the tools are in place to build your own. Generically, any
protocol can be diverted to another program by the packet filtering
system; it's trivial to send things on to other computers, too. There
are lots of HTTP, FTP, SMTP, DNS, X... proxies available, some of which
have been built with security in mind and others with other goals.

Look at packages simpleproxy, stone, totd, squid, xfwp, and in fact
everything you get from an "apt-cache search proxy".

-dsr-
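
The protocol-proxy idea described in the reply above, as an added example that is not part of the original message or of any package it names: the proxy parses each client command itself and forwards only bounded, well-formed lines, so the real server never sees an overlong or malformed one. POP3 is used here as an assumption because its client side is strictly one command per line; the backend address and the verb allowlist are also assumptions.

```python
import asyncio

MAX_LINE = 255   # POP3 command line limit, CRLF included (RFC 2449)
ALLOWED = {b"USER", b"PASS", b"STAT", b"LIST", b"RETR", b"DELE",
           b"NOOP", b"RSET", b"TOP", b"UIDL", b"QUIT"}   # assumed allowlist
BACKEND = ("127.0.0.1", 1110)   # assumed: real server, bound to loopback only

def check_command(line: bytes) -> bool:
    """True only for a bounded, printable-ASCII command with an allowed verb."""
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        return False
    body = line[:-2]
    if not body or any(c < 0x20 or c > 0x7E for c in body):
        return False   # empty line, control byte or 8-bit byte
    return body.split(b" ", 1)[0].upper() in ALLOWED

async def relay_replies(back_r, client_w):
    # Server-to-client traffic is trusted here and passed through unchanged.
    while data := await back_r.read(4096):
        client_w.write(data)
        await client_w.drain()
    client_w.close()

async def handle(client_r, client_w):
    back_r, back_w = await asyncio.open_connection(*BACKEND)
    replies = asyncio.create_task(relay_replies(back_r, client_w))
    try:
        while True:
            line = await client_r.readuntil(b"\r\n")
            if not check_command(line):
                client_w.write(b"-ERR rejected by proxy\r\n")
                await client_w.drain()
                break   # fail closed: end the session on the first bad line
            back_w.write(line)
            await back_w.drain()
    except (asyncio.LimitOverrunError, asyncio.IncompleteReadError, ConnectionError):
        pass   # oversized line, EOF or reset: drop the session
    finally:
        replies.cancel()
        back_w.close()
        client_w.close()

async def main(host="0.0.0.0", port=110):
    # limit= bounds the reader's buffer, so an overlong line is never accumulated
    server = await asyncio.start_server(handle, host, port, limit=MAX_LINE)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The packet filter then only needs to expose the proxy's port and keep the backend port unreachable from outside.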


