Symantec Firewall (Raptor) has had a true CIFS proxy for about 5 years. It only supports TCP file sharing (port 139) but that allows file sharing between an internal segment and a server segment with relative safety (as much as any files sharing protocol can have). That is, an intruder could damage the share file, causing problems for the client, but couldn't initiate a connection back to client from server. The proxy has settings for various level of allowed operations (read only, printing only, time limited shares etc.)
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson Sent: Fri April 12 2002 08:17 To: Mikael Olsson Cc: [EMAIL PROTECTED] Subject: Re: Proxy vs stateful... oh no, not again :) (Was: Re: MigrationfromGauntlet 5 to Firewall-1) On Fri, 12 Apr 2002, Mikael Olsson wrote: > Assume two boxes want to speak NetBIOS to eachother. (Yes, I know, > horrid. Let's assume that the server is a very stripped-down samba.) > > Assume box 1 behind if1 has IP 1.2.3.9, and wants to communicate > with hosts behind if2 with IPs 1.2.3.1--254 (sans .9 of course). > Tell me how a host route on _an available proxy firewall package_ > solves this. Absent the broadcast stuff, proxy ARP for the target victim and something plug-gw-ish should work just fine. I'm pretty sure I could write a "transparent" proxy that would include the broadcast stuff (and MAC target the broadcasts to the specific victim on the other end (SOCK_RAW is your friend.) I have zero experience with any available firewalls which cliam NetBIOS proxy support, so I can't say how/if they'd make anything possible- there's no way in hell I'd ever let it in/out through a firewall. If they work with subnets though, I can't see a reason they wouldn't work in a host-specific scenerio unless there's a broadcast issue- and most of that should be solvable with WINS or LMHOSTS unless there's something broadcasty other than name service about NetBIOS (it's been years since I had to support NetBIOS.) _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
