You might opt for installing a simple Linux router if you can't find a Solaris Network
Address Translation tool. The Linux box would only be used to route the TCP/IP
packages from one port to another.

It is the old Linux story. Claim an older Pentium PC with some 32 Mb memory in
it (in that case you can run X11, which makes the installation procedure easier).
Buy a Linux distribution (e.g. SuSE, Redhat or whatever). Install it. Believe me, it
takes you less time than installing Windows.

Read the IPCHAINS-HOWTO, which is somewhere in /usr/doc. This could take you a few
hours, but it is nice to know what you are actually doing with ipchains. Experiment
with it and make sure you understand what you are doing. After all it should be
reliable and secure.

I would say it takes you one to two days to get it up and running and 1000$ hardware
when you buy a new machine for it. All assuming you have some knowledge about TCP/IP
and UNIX in general.

Frank

On Wednesday, September 13, 2000 7:01 AM, Sach Jobb [SMTP:[EMAIL PROTECTED]] wrote:
> This _is_ a great idea and i considered something like it before, the only
> problem is that we are deploying on Solaris.
> 
> sach
> 
> 
> On Tue, 12 Sep 2000, Brian Beaulieu wrote:
> 
> > My solution seems to be working so far.
> > 
> > I have Orion running as an arbitrary user bound to port 8000
> > 
> > I'm redirecting with ipchains all requests to port 80 to port 8000 with:
> > 
> > ipchains -A input -p tcp -s 0/0 -d 0/0 80 -j REDIRECT 8000
> > 
> > The logs show the originating host since I'm not masquerading - this is
> > obviously very important.  I haven't run into a problem yet.. I'll try
> > to break it and report here if I do.
> > 
> > Regards,
> > 
> > Brian
> > 
> > Sach Jobb wrote:
> > > 
> > > Thanks guys,
> > > 
> > > This sums up everything pretty well:
> > > http://www.orionsupport.com/users.html
> > > 
> > > The root of the problem (pun intended) is here:
> > > 
> > > "Java, however, has no concept of a user, because Java is cross-platform
> > > and some platforms don't have any real user (such as Win98, which uses the
> > > term "user" very loosely.)"
> > > 
> > > cheers,
> > > sach
> > > 
> > > %s/windows/linux/g
> > > 
> > > On Tue, 12 Sep 2000, Brian Beaulieu wrote:
> > > 
> > > > I tried this (had to recompile the library though).
> > > >
> > > > It says it's running it as user 'nobody' however all processes are
> > > > still owned by nobody.  When I attempt to create a directory '/blah'
> > > > (shouldn't be able to), it works.  I have to find a way to do this.
> > > > I'm going to try running orion on a port > 1024 and do port forwarding
> > > > but that might cause some issues with advanced functionality.  I'll look
> > > > at the JINI library to see if I can find the problem and do some more
> > > > debugging.  Are there any other solutions out there?
> > > >
> > > > Regards,
> > > >
> > > > Brian
> > > >
> > > > Markus Holmberg wrote:
> > > > >
> > > > > On Mon, Sep 11, 2000 at 11:11:57AM -0700, Sach Jobb wrote:
> > > > > > Has anyone found a way of running Orion on port 80 without being root?
> > > > > >
> > > > > > I'm getting ready to launch a finance based site and i'm quite concerned
> > > > > > about security. I've seen messages like this posted before but i have yet
> > > > > > to see any kind of resolution.  Any ideas?
> > > > >
> > > > > Changing Orion's uid using JNI:
> > > > >
> > > > > http://www.orionsupport.com/users.html
> > > > >
> > > > > Markus
> > > > >
> > > > > --
> > > > >
> > > > > Markus Holmberg         |       Give me Unix or give me a typewriter.
> > > > > [EMAIL PROTECTED]      |       http://www.freebsd.org/
> > > >
> > 
> 
> 
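
A scripted version of the check Brian did by hand in the quoted message (creating '/blah' after the JNI uid change), as an added example that is not from the thread or from Orion: it reads the `Uid:` and `Gid:` lines of `/proc/<pid>/task/<tid>/status` for every thread and reports any real, effective, saved or filesystem id that is still 0. It assumes a Linux `/proc`; the function names are hypothetical and the sample status text is constructed.

```python
import os
import sys

# Constructed excerpts of /proc/<pid>/task/<tid>/status (not real output).
SAMPLE_DROPPED = "Name:\tjava\nUid:\t65534\t65534\t65534\t65534\nGid:\t65534\t65534\t65534\t65534\n"
# The effective uid changed but the saved uid is still 0, so root can be regained.
SAMPLE_SAVED_ROOT = "Name:\tjava\nUid:\t65534\t65534\t0\t65534\nGid:\t65534\t65534\t65534\t65534\n"

FIELDS = ("real", "effective", "saved", "fs")  # column order used by the kernel


def root_ids(status_text):
    """Return (kind, field) pairs that are still 0 in one status file."""
    found = []
    for line in status_text.splitlines():
        key, _, rest = line.partition(":")
        if key not in ("Uid", "Gid"):
            continue
        values = rest.split()
        if len(values) != len(FIELDS):
            raise ValueError("unexpected %s line: %r" % (key, line))
        for name, value in zip(FIELDS, values):
            if int(value) == 0:
                found.append((key.lower(), name))
    return found


def check_process(pid, proc="/proc"):
    """Map thread id -> leftover root ids, for every thread of pid."""
    report = {}
    task_dir = os.path.join(proc, str(pid), "task")
    for tid in sorted(os.listdir(task_dir), key=int):
        try:
            with open(os.path.join(task_dir, tid, "status")) as fh:
                leftovers = root_ids(fh.read())
        except (FileNotFoundError, ProcessLookupError):
            continue  # thread exited between listing and reading
        if leftovers:
            report[int(tid)] = leftovers
    return report


if __name__ == "__main__":
    # Usage: script.py <pid>; exit status 1 if any thread still holds a root id.
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    bad = check_process(target)
    for tid, leftovers in bad.items():
        print("thread %d still has root ids: %s" % (tid, leftovers))
    sys.exit(1 if bad else 0)
```

Checking every thread matters because the Linux kernel keeps credentials per thread, so a uid change made in one thread does not by itself prove the others lost root.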
