> On Fri, 18 May 2001, Robert Davies wrote:
>
> >Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
> >which was a good solution.
>
> I don't agree... Didn't you find any trouble in merging active/passive
> mode...? It seems to me the best you can do with ipchains means to allow
> all ports 1024: <-> 1024: to talk to each other and setting special DENY to
> unused services... it sounds not so good to me.

Hey, do you normally extract and post small parts of answers sent to you privately onto a large mailing list?

You've annoyed me, as anyone reading the full answer sent to you will see that I didn't want to go into details about the ftp side. At the time, and for the limited purposes I needed, it was a good solution in that network. With the kit involved I was only able to block the privileged ports, not any others, and passive ftp only was fine.

It might not meet your requirements, but I wasn't pushing you in that direction; please note my use of the past tense.

How would you like one sentence of yours, sent privately, taken out of context and published on a mailing list?

>> What's the best for you,
>> socks, tis or squid?
>>
>> I'd like to proxy ftp, telnet, http, with a cache too, if I can...

>squid was great for serving as web proxy, my problems with it were handling
>the logs, and it using more disk space than assigned to it, due to it using
>sum of file lengths, rather than blocks allocated.

>On telnet, maybe you'd like to find the 'Piercing Firewalls HOWTO'? There
>are other reasons why it's inadequate for today's net, and ssh is to be preferred.

>Cannot comment on ftp proxy, as I used masqueraded ftp at ipchains level,
>which was a good solution.

If more ppl do this, I think you will make ppl hesitant to share the benefit of their experiences with you, so I suggest you take more care in future.

Thanks

Rob

