Hello,
I have a RH 6.0 box stripped bare, with FWTK installed. IP-forwarding=NO.
IP-firewalling=YES.
It is dual-homed, and it will be subnetted (Class C split into 2).
Currently it is not because I am attempting to configure it correctly before
I drop it in the network perimeter it is destined for.
The first issue I had was that it would not compile the authsrv. First, it
was missing a header. I found the header, and now, it won't link the
obj...fails at ld. This is only an issue if I wanted to use the authsrv
module for auth (which I did), but regardless of that, I still haven't been
able to get the http-gw to work properly.
I do have the ftp-gw working successfully on it. When I set my browser to
use this box as proxy, it successfully reaches FTP sites. However, if I
attempt an http transaction, it tries connecting to the box 3 or 4 times,
then quits, unsuccessfully (using port 80 for proxy). I think my
netperm-table rule for http-gw is something along the lines of...

    http-gw: allow_hosts *

inetd.conf is set to use http-gw
services file is set to use port 80 for http
I have no auth rules in netperm-table for http-gw, just that one rule, which
is supposed to allow everything.
All of this inspired me to install Squid 2, and use that for http proxy.
This works fine. However, I'd still like to know why http-gw from FWTK
won't work. I'll also need to implement plug-gw for other net-based
services that users will want. I also have sendmail running on a RH 5.2
machine, which I'd like to leave untouched. It will sit inside the
protected LAN, so I need to be able to pass smtp traffic to it through the
firewall machine. The way I understood it, smapd is for sendmail running on
the firewall machine itself...so I would again need plug-gw to handle
this...or am I wrong here?
My question is this: does anyone have a netperm-table config file they could
send me (especially with http-gw and plug-gw rules) that I could take a look
at, to ensure I'm not completely crazy? Any other ideas or suggestions
welcome.
Thanks in advance,
Davis