Mailinglist Archive: opensuse-security (260 mails)
| < Previous | Next > |
webserver behind firewall with ingoing and outgoing ftp ?
- From: Tobias Gasser <gasser@xxxxxxxxx>
- Date: Wed, 26 Jul 2000 20:01:45 +0200
- Message-id: <00072620324702.00474@scully>
Hello,
i need to set up a webserver behind a ipchains packet-filter.
In the firewals config-file eth0 is the external- and eth1 the
dmz-device.
There have to be ingoing _and_ outgoing ftp-connections to the
webserver.
So the first problem: How can I handle it to not simply forward
all high ports to the Webserver ? I tried it with fwproxy, but
it hangs after entering the login name (just like having not allowed
ftp connections via hosts.deny - but then I wouldn't even get
a login prompt).
The second problem: outgoing ftp-connections work fine if i enable
masquerading for the webserver - evident - , but then I can't get any
connections to the webserver, cause the replies are being masqueraded
- evident too.
So, is there a simple way to get this to work ?
Thank you in advance!
Tobias
i need to set up a webserver behind a ipchains packet-filter.
In the firewals config-file eth0 is the external- and eth1 the
dmz-device.
There have to be ingoing _and_ outgoing ftp-connections to the
webserver.
So the first problem: How can I handle it to not simply forward
all high ports to the Webserver ? I tried it with fwproxy, but
it hangs after entering the login name (just like having not allowed
ftp connections via hosts.deny - but then I wouldn't even get
a login prompt).
The second problem: outgoing ftp-connections work fine if i enable
masquerading for the webserver - evident - , but then I can't get any
connections to the webserver, cause the replies are being masqueraded
- evident too.
So, is there a simple way to get this to work ?
Thank you in advance!
Tobias
| < Previous | Next > |