Re: FTP Proxy on FW-1 ????

[youngk () ttc com]

> I am installing a Firewall-1 (3.0). I want it to be a ftp- and http-proxy
> rather then configuring it as a gateway.
> I have managed to get it configured as a http-proxy (security server and
> resource) and it's available for my clients. But I can't
> think of a way to do a ftp-proxy.



I have used the FWTK ftp-gw proxy running on a FW-1 box to do this same
thing.



If you want people only to use the proxy FTP, allow Internal_Net to connect
only to the firewall host, then use a secure inetd to spawn the ftp-gw. Use
netperm-table rules to define where clients can ftp to.



Otherwise, just allow Internal_Net to connect to Any & !Internal_Net for
non-proxy connections. Configure ftp-gw as mentioned above for proxy
connections.



You can also upgrade to FW-1 4.0 and use its http security server for FTP
connections, but knowing Checkpoint's track record for buggy code, I can't
imagine that it works very well.



If you need help with ftp-gw, post your message to either this mailing list
or to FWTK-users. I'm sure that most people on this list have either run
the FWTK or even some who have written major sections of its code  :-).



Cheers,



--Keith

-youngk () ttc com