I hope this isn't blindingly obvious but I have a squid proxy and cache
server in a dmz and it allows access to a few netware servers that can be
controlled remotely from a browser (using non-standard http and https ports).
I haven't, as yet, implemented the ip spoofing feature of fw-1 (cos it
hampered some ssh services we need) and I want to know how to ensure that
access to the squid (and hence netware servers) can be done from outside the
firewall.
The rules for squid are ftp, http (80), https allow from out to in and allow
access to squid on our non-standard http port from inside.
For control of netware we have (for example) http on port xxx4 and https on
port xxx7 so the rule is internal_net_object to squid on those ports, allow
and log. What if someone address spoofed us, could they access squid and the
netware servers or would we need to have the addresses of the netware
servers NAT'd to legal internet addresses? Or am I just paranoid? Sometimes
it's hard to be as inspired and resourceful as a black-hatted individual!
regards
e