On Mon, Nov 29, 1999 at 04:35:47PM +0000, Rene Mayrhofer wrote:
> Kiss Csaba wrote:
> > What type is your firewall? Packet-filtering or proxy-based or
> > stateful or other
> In principle it is open to any concept.
> We use a combination of packet-filtering (standard Linux kernel) and
> proxies (e.g. for ftp which is a nightmare to packet-filter).

Which proxy package did you use? We (here at BNL) are looking at building a sitewide 'screened subnet' firewall. I'm having a hard time getting my mind around the proxies. We will have a bunch of machines running as proxy servers. Do you run all proxies on all servers? 1 proxy per server? Then, how do you know which one to go to?

> But if you use the sifi kernel module, you can have stateful inspection
> as well (I hope that standard kernel 2.4.x will get a stateful
> inspection module sometime - maybe I will write one using the netfilter
> API).

Really? It looked like sifi was just packet filtering to me! What kernel are you running sifi with? I've tried 2.2.10-2.2.12, and it panics the kernel quite regularly...

Tim

--
(work) [EMAIL PROTECTED] / (home) [EMAIL PROTECTED] - http://www.buoy.com/~tps
Organization is the enemy of improvisation.
** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**

