AW: [suse-security] rinetd as proxy
As far as I understand proxying, there's caching and (from a security point of view) scanning the traffic for viruses, blacklisted URLs and whatever-you-want-to-scan involved. So you can't just proxy anything generically, because you don't have enough information about protocols, who's involved and so on.

As far as I understand your problem, you need masquerading or NATting. You can install proxies for known applications/protocols like ftp, http, e-mail (though proxy's not the right word, which would be mail-relay), irc, icq, ...

rinetd is just port forwarding, if you want to forward one specific port (e.g. localhost:80) to another port on the same or on another computer (e.g. intranet.my.domain:80). rinetd provides one-to-one connectivity, not one-to-many, which, I guess, would be your motivation for installing a proxy.

regards,
Stefan

-----Original Message-----
From: Robert Rottscholl [mailto:lv426@rinx.de]
Sent: Tuesday, 12 February 2002 12:19
To: suse-security@suse.com
Subject: [suse-security] rinetd as proxy

Dear List,

now I know what rinetd is and where I can find it. But now my main problem: Can I disable forwarding and instead use rinetd to proxy all tcp connections (not FTP and HTTP)?

Ciao ;-)
Robert Rottscholl - DE
* Peer Stefan wrote on Tue, Feb 12, 2002 at 13:19 +0100:
> As far as I understand proxying there's caching and (from a security point of view) scanning the traffic for viruses, blacklisted URLs and whatever-you-want-to-scan involved.

Proxies are able to "understand" the data they pass usually, but this does not necessarily mean that they should cache (but sometimes this is nice :)). Proxy is usually something on Application Layer.

> As far as I understand your problem you need masquerading or NATting. You can install proxies for known applications/protocols like ftp, http, e-mail (though proxy's not the right word, which would be mail-relay), irc, icq,

A lot of TCP protocols can be relayed. This relaying is similar to a proxy, we could call it a "null" proxy, since it does nothing additionally :) It "sees" the data as stream, but does not interpret it.

> rinetd is just portforwarding, if you want to forward one specific port (e.g. localhost:80) to another port on the same or on another computer (e.g. intranet.my.domain:80).

Well, it uses two TCP connections for each client connection, it does not just forward packets, it's something slightly "higher".

> rinetd provides one-to-one connectivity, not one-to-many, which, I guess, would be your motivation for installing a proxy.

Why do you think so? I cannot imagine that rinetd is limited in this way (if I understand "one-to-one connectivity" right). You are able to connect multiple clients to rinetd at the same time of course. In that case, rinetd "looks" like multiple clients from server's side, too.

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
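The "null proxy" behaviour discussed in this thread (two TCP connections per client, an uninterpreted byte stream, several clients at once), as an added example that is not part of the original messages and not rinetd's own code. It is a Python asyncio stand-in; `pipe`, `make_relay`, `demo` and the uppercase-echo backend on loopback are constructed for illustration.

```python
import asyncio

async def pipe(reader, writer):
    """Copy one direction as an opaque byte stream; nothing is parsed."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()  # simplification: full close, no TCP half-close

def make_relay(host, port, legs):
    async def handle(c_reader, c_writer):
        # Second TCP connection, opened by the relay for this one client.
        s_reader, s_writer = await asyncio.open_connection(host, port)
        legs.append((c_writer.get_extra_info("peername"),
                     s_writer.get_extra_info("sockname")))
        await asyncio.gather(pipe(c_reader, s_writer), pipe(s_reader, c_writer))
    return handle

async def demo(n_clients=3):
    seen, legs = [], []  # backend's view of its peers; the relay's two legs

    async def backend(reader, writer):  # constructed stand-in server
        seen.append(writer.get_extra_info("peername"))
        writer.write((await reader.readline()).upper())
        await writer.drain()
        writer.close()

    srv = await asyncio.start_server(backend, "127.0.0.1", 0)
    srv_port = srv.sockets[0].getsockname()[1]
    relay = await asyncio.start_server(
        make_relay("127.0.0.1", srv_port, legs), "127.0.0.1", 0)
    relay_port = relay.sockets[0].getsockname()[1]

    async def client(i):
        r, w = await asyncio.open_connection("127.0.0.1", relay_port)
        local = w.get_extra_info("sockname")
        w.write(f"hello {i}\n".encode())
        await w.drain()
        reply = await r.readline()
        w.close()
        return local, reply

    results = await asyncio.gather(*(client(i) for i in range(n_clients)))
    srv.close()
    relay.close()
    return results, seen, legs

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Every address in `seen` is a socket owned by the relay, so logs and IP-based access rules on the backend only ever see the relay host; the real client address is known at the relay alone.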
participants (2)
- Peer Stefan
- Steffen Dettmer