Hi All,
In order to let the clients use NNTP and because I don't want to run an NNTP server I have set up plug-gw from the TIS toolkit so I don't have to use masquerading on the SuSEfirewall.
Question is: Can plug-gw safely be run as a daemon or should it be invoked by tcpd? I don't want to compromise any security set by the firewall.
Thanx, Peter
Hi Peter,
Peter ten Have wrote:
Question is: Can plug-gw safely be run as a daemon or should it be invoked by tcpd? I don't want to compromise any security set by the firewall.
The FWTK tcp wrapper is netacl. You may use it with inetd. Netacl reads the netperm-table. If you start the gw as a daemon, the gw will read the netperm-table. I've been running some gw's for about 2 years and it seems to be safe. BTW, check the source code for bugs and possible sec holes b4 using the gw. ;-)
andy
--
mailto:Andreas.Tirok@beusen.de
fon: +49 30 549932-37
fax: +49 30 549932-21
Hi Peter,
Hi All,
In order to let the clients use NNTP and because I don't want to run an NNTP server I have set up plug-gw from the TIS toolkit so I don't have to use masquerading on the SuSEfirewall.
Question is: Can plug-gw safely be run as a daemon or should it be invoked by tcpd? I don't want to compromise any security set by the firewall.
Thanx, Peter
If it is at all possible to run the gw from inetd, then it actually makes
no difference if you run it standalone or from inetd (from the security
standpoint). Just make sure the other services in /etc/inetd.conf are
commented out and that opening multiple connections to inetd within a short
time may cause inetd to terminate the service because it detects a loop
(see inetd.conf manpage).
Regards,
Roman.
--
Roman Drahtmüller