On 20. sep. 2006, at 10.22, Alan Smith wrote:
>> or a machine with dual nics - one inside and one outside the
>> firewall.
>
> Rod Dorman wrote:
> This is effectively getting rid of the PIX!
>
> If it's got both an inside and outside interface it can be configured as
> a gateway such that any inside host can get outside completely bypassing
> the PIX. Are you sure your network admins are OK with that?

Ok - never write technical mails after 14 hours on a plane - they
make no sense!!! In a nutshell, I need to know if I can use
ftp-proxy on a machine inside our current PIX firewall. If it will only
run on a machine running PF acting as the main firewall/gateway
then I'm out of luck. I will not be using it if the only way would
be a nic inside and outside of the firewall.

Sorry for the confusion (and thanks for the reply Rod)

Alan

Hi,

A few thoughts for you to explore:

1. A good number of web browsers etc. support authenticated ftp
'upload' via a proxy (e.g. squid), thus fixing your problem -
googling will direct you on this...
2. If you can put an OpenBSD box on the inside of the PIX, and make
the client traffic go via it (e.g. their default gateway), then you
can use the ftp-proxy.
3. Recent PIXen support the WCCP2 protocol, as does squid (I believe it's
just a GRE tunnel basically), so maybe you could run squid on OpenBSD
to direct traffic appropriately, once redirected from the PIX.

Food for thought anyway

/Pete