Remember, the definition of Proxy is only for HTTP, FTP and GOPHER, if you need access to other protocols, like POP, SMTP, DNS, etc etc you must have IP Masq/NAT
Bollocks! Show me where you found that info!

BIND and every other DNS server on the planet can act as a DNS forwarder (aka proxy). Gauntlet FW, TIS Firewall Toolkit, Perdition and a number of other firewalls act as POP proxies. In fact the POP proxies often add functionality that the servers they are protecting don't support, like APOP (Gauntlet and TFWTK), and SSL/TLS (Perdition) and load balancing (Perdition).

SMTP, on the other hand, is USUALLY not proxied, although again there are some commercial firewalls that do. Gauntlet and TIS "sort of" proxy it. PIX has a protocol "aware" "proxy", which is actually more of an "inspector". In fact it is rare to _need_ an SMTP proxy, as what you usually want is an SMTP blind relay (which is basically an SMTP server that is preconfigured to forward mail). I usually set these up with a combination of Obtuse SMTPD (a very nice, small SMTPD) on the frontend with Postfix/qmail/sendmail doing the work of spitting mail out the other side. The one downside of this is that you can't do AUTH with Obtuse SMTPD. If you need that, then I suggest Postfix due to its simplicity, although Qmail and Sendmail can do it equally well.

In any case, if none of these programs existed you can always "proxy" a TCP request with a TCP forwarder, of which there are plenty. RINETD is one.

I hope that helps somebody..

--
Have fun
Peter Nixon - nix@susesecurity.com
SuSE Security FAQ Maintainer
http://www.susesecurity.com/faq/
"If you think cryptography will solve the problem, then you don't understand cryptography and you don't understand your problem."