> > for proxies you can usually use the FWTK (www.fwtk.org).
> while the proxies
> > do have their limits, within those limits they work well.
>
> After pouring through code and trying to do some
> modifications (adding in
> RADIUS authentication AIR), I'd generally take Apache's mod_proxy over
> http-gw unless active content filtering needs to be put in
> place. That
> just could say something about my code reading skills though :)
>
> Otherwise fwtk is a solid recommendation.
>
> Paul
Small note to the unwary - NEVER let external parties talk to http-gw. If
you are protecting an internal WWW server and want to use the FW as a
"proxy" rather than a packet filter, you should use plug-gw in FWTK terms.
(http-gw will cheerfully let you change the port you're talking to from 80
to anything else. This is occasionally useful for internal clients, but very
bad for the outside world.)
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
