On Wed, Sep 20, 2006 at 09:22:51AM +0100, Alan Smith wrote:
> *> or a machine with dual nics - one inside and one outside the firewall.
> *
> *Rod Dorman wrote:
> *This is effectively getting rid of the PIX!
> *
> *If it's got both an inside and outside interface it can be configured as
> *a gateway such that any inside host can get outside completely bypassing
> *the PIX. Are you sure your network admins are OK with that?
>
> Ok - never write technical mails after 14 hours on a plane - they make no
> sense!!! In a nutshell, I need to know if I can use ftp-proxy on a machine
> inside our current PIX firewall. If it will only run on a machine running
> PF acting as the main firewall/gateway then I'm out of luck. I will not be
> using it if the only way would be a nic inside and outside of the firewall.

ftp-proxy interfaces with the OpenBSD pf(4) system to allow FTP through. However, FTP traffic should be largely the same on both sides of the gateway (replies will be sent to the firewall, and not to the internal box), so it will not help in bypassing a firewall other than on the machine that is running ftp-proxy.

Various tunneling options are available, of course...

Joachim