MS Proxy isn't your best bet, and from my small knowledge of Linux you will
have a great deal of work ahead of you. You might look at another firewall
soln like Checkpoint's Firewall 1. We used it in conjunction w/ MS Proxy
2.0 to force the users to be NT Authenticated and then made the Firewall
accept requests only from the exchange server and the Proxy server all other
internal requests are denied. I don't know if Firewall 1 will support x.400
traffic though. Also Does the 400 traffic need to get to the Internet or is
it internal to their private WAN???
Good Luck,
JP
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Neil Moore-Smith
Sent: Tuesday, October 13, 1998 7:18 AM
To: 'Linux-Net Mailing List'
Subject: Can A Linux Firewall Support NT Authentication?
Hi all
I have a real problem. My client has an NT network and a permanent
connection to the Internet. For email they use MS Exchange over X.400. They
also have a few Unix systems around. They want to protect their machines
from the Internet and also control outbound access to the Internet.
I thought MS Proxy Server 2.0 was a good idea. It uses NT logon details to
authenticate who can access the Web (they have to belong to a group called
Web Users).
BUT... after six weeks on the phone to Microsoft, they tell me that the
Exchange X.400 MTA doesn't work through their Proxy Server as it's not
Winsock-compliant. Yikes!
X.400 is non-negotiable. I can't just switch to SMTP. I don't want to put
the mail server on the "wrong" side of the Proxy Server as it has too much
other stuff on to be exposed like that. Therefore, I need to switch to a
different firewall. Linux seems a good bet, and the TIS toolkit seems to get
me a long way, but I am concerned about integration. I would rather
allow/deny access based on user, not just IP address. Is this possible under
Linux, with the facilities available?
All suggestions gratefully received.
Neil
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
