Hi Peter,
Last time I used socks, I wasn't impressed. It takes a lot of very careful
configuration to make it secure. Properly configured it is perfectly secure
though. (Translation : Do A LOT of reading up on it)
I have not used socks for a long time because ipchains is a lot more mature
than ipfwadm was at the time. But I will agree there are certain
limitations.
Why don't you let me/the list know which apps you need to use with your
firewall that are causing problems. Most popular applications already have
fixes/workarounds that will allow you to use them with ipchains.
Have fun,
--
_________________________________________________________________
Brian Ashe CTO
[EMAIL PROTECTED] Dee-Web Software Services, LLC.
http://www.dee-web.com/
-----------------------------------------------------------------
You don't have to swim faster than the shark...
You just have to swim faster than the people you're with.
Friday, August 18, 2000, 6:56:19 PM, you wrote:
PK> Anyone?
PK> ----- Original Message -----
PK> From: Peter Kiem <[EMAIL PROTECTED]>
PK> To: <[EMAIL PROTECTED]>
PK> Sent: Thursday, August 17, 2000 9:59 PM
PK> Subject: How safe is Socks5 proxy on firewall?
>> Just after some opinions here.
>>
>> I have a number of servers sitting being an IPChains firewall. The
PK> IPChains
>> scripts are very restrictive, deny first then open specified ports only.
>> Pretty much no connection allowed to the firewall itself except for SSH.
>>
>> I need to install a Socks5 proxy to let some of my workstations (private
>> 192.168.0.x IPs) run net applications properly.
>>
>> Now whichever machine I put the Socks5 daemon on I really need to open up
>> all ports > 1023 for anybody to access to let the Socks5 daemon do it's
>> thing. It will be opening any unpriviledged port for output and will be
>> listening for incoming connections also on any unpriviledged port?
>>
>> Considering if I lock port 1080 from outside access, and configure socks5
PK> to
>> only allow access from the internal network:
>>
>> 1. Is it better to have the Socks5 on the server or the firewall?
>>
>> 2. How safe is it to open communications from anywhere port >1023 to my
>> machine port >1023
>>
>> Opinions anyone?
>>
>> Regards,
>> +-----------------------+---------------------------------+
>> | Peter Kiem | E-Mail : <[EMAIL PROTECTED]> |
>> | Zordah IT | Mobile : +61 0418 798 121 |
>> | IT Consultancy & | WWW : www.zordah.net |
>> | Internet Hosting | ICQ : "Zordah" 866661 |
>> +-----------------------+---------------------------------+
>> The Rules Have Changed...Be paid to Surf the Web!
>> http://au.nz.alladvantage.com/go.asp?refid=OMP682
>>
>>
>>
>> _______________________________________________
>> Redhat-list mailing list
>> [EMAIL PROTECTED]
>> https://listman.redhat.com/mailman/listinfo/redhat-list
PK> _______________________________________________
PK> Redhat-list mailing list
PK> [EMAIL PROTECTED]
PK> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
