Re: [suse-security] webserver behind firewall with ingoing and outgoing ftp ?

It sounds like you may want to use a redirector. This is a program which accepts a connection on one interface and redirects it to another. For example, if you had a web server inside a network that was masqueraded/firewalled, you'd install the redirector on the firewall and tell it to redirect any connections from the Internet on port 80 to the Web server. We have been using the program 'redir' for this for several months with no problems. -- Jeremy Buchmann System Admin/Database Programmer Wells Gaming Research ----------

From: Tobias Gasser To: SuSE Security Subject: [suse-security] webserver behind firewall with ingoing and outgoing ftp ? Date: Wed, Jul 26, 2000, 11:01 AM

Hello,

i need to set up a webserver behind a ipchains packet-filter. In the firewals config-file eth0 is the external- and eth1 the dmz-device. There have to be ingoing _and_ outgoing ftp-connections to the webserver.

So the first problem: How can I handle it to not simply forward all high ports to the Webserver ? I tried it with fwproxy, but it hangs after entering the login name (just like having not allowed ftp connections via hosts.deny - but then I wouldn't even get a login prompt).

The second problem: outgoing ftp-connections work fine if i enable masquerading for the webserver - evident - , but then I can't get any connections to the webserver, cause the replies are being masqueraded - evident too.

So, is there a simple way to get this to work ?

Thank you in advance! Tobias

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com