List: firewall-wizards
Subject: [fw-wiz] Best-of-breed Proxies (was Re: Proxy Firewalls ...)
From: Bennett Todd <bet () rahul ! net>
Date: 2003-01-30 18:09:28
This is a terrific list to work up. Of course it changes over
time....

2003-01-30T11:47:21 Marcus J. Ranum:
> tn-gw ssh

For a gateway, I've constructed a highly restrictive ssh proxy
setup.

It used a chrooted sshd with private passwd/shadow files in the
chroot jail. The login shell for the users in that private passwd
was a teensy C program that looked up the $LOGNAME in a private
config file to get a destination host, and execed an ssh client to
that host. This prevented all port forwardings and the like.

This was work-for-hire, and I no longer have that code and couldn't
give it away if I did, but such a C wrapper is awfully trivial to
write.

> smap postfix

While I like Postfix best for such applications, another candidate I
wouldn't criticize is qmail. Different strengths and weaknesses,
appeals to some folks.

> dns bind, chrooted (finally)

djbdns --- dnscache is ideal for use as a firewall DNS proxy.

-Bennett
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
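
A login-shell wrapper of the kind the message describes, as an added example (not the author's original code, which the message says is no longer available). The map file path and its "user host" line format, the ssh client path, and the hostname validation are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAP_FILE "/etc/sshgw.map"  /* hypothetical path; lines of "user host" */
#define SSH_BIN  "/usr/bin/ssh"    /* assumed client location inside the jail */
#define HOST_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"

/* Accept only hostname characters and require an alphanumeric first byte,
 * so a map entry can never be parsed by the ssh client as an option. */
static int valid_host(const char *h)
{
    return isalnum((unsigned char)h[0]) && h[strspn(h, HOST_CHARS)] == '\0';
}

/* Find user's destination in the map; 0 on success, -1 if absent or invalid. */
int lookup_dest(FILE *fp, const char *user, char *host, size_t len)
{
    char line[256], u[64], h[128];
    while (fgets(line, sizeof line, fp)) {
        if (line[0] == '#' || sscanf(line, "%63s %127s", u, h) != 2)
            continue;               /* skip comments and malformed lines */
        if (strcmp(u, user) == 0) {
            if (!valid_host(h) || strlen(h) >= len)
                return -1;
            strcpy(host, h);
            return 0;
        }
    }
    return -1;
}

/* argv is ignored on purpose: a "-c command" passed by sshd has no effect. */
int main(void)
{
    char host[128];
    const char *user = getenv("LOGNAME");
    FILE *fp = fopen(MAP_FILE, "r");
    if (!user || !fp || lookup_dest(fp, user, host, sizeof host) != 0) {
        fputs("no destination configured\n", stderr);
        return 1;                   /* fail closed: never fall back to a shell */
    }
    fclose(fp);
    execl(SSH_BIN, "ssh", host, (char *)NULL);
    perror("execl");                /* reached only if the exec failed */
    return 1;
}
```

The compiled binary would be set as the login shell in the jail's private passwd file, and the map file should be writable only by root.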