
RE: Generic TCP Proxy?

Look at Port Forwarders at the freefire tools page:


netcat (nc - comes with OpenBSD) or plugdaemon should do.


-----Original Message-----
From: Drew Smith [mailto:drew_(_at_)_pctc_(_dot_)_com]
Sent: Tuesday, October 03, 2000 4:12 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Generic TCP Proxy?

	Hey folks,

	Asked this once before, but I guess I'll ask again - I've worked for
a couple more weeks following false leads, and I'm right back to where I
started from.

	I need a generic TCP proxy to put on my bastion host.  It should be
able to forward a connection from my internal network to a specific
server:port; i.e. client connects to bastion:25, bastion proxies the
connection through to mailserver:25, with mailserver sitting in the
DMZ.  I'll need it to proxy pop3, smtp, an oracle connection or two, and
a few higher ports for monitoring software.

	Before I get another five flames, six "RTFM!"s, four "Use IPNAT's
function"s and three mail simply stating "ipf", allow me to specify. 
I'm not looking for a web proxy, I'm using squid for that.  Squid is
perfect.  I want squid for other kinds of connections.  I'm also *NOT*
looking to provide general internet access to my users - I want to
completely restrict them to the barest essentials - squid handles 99.5%
of anything Joe Average User wants to do anyway.

	I've tried "simpleproxy" and "balance".  Simpleproxy doesn't like
the fact that there can be up to 50 connections to it at once.  Balance is
nice, but would be even nicer if it worked as advertised and didn't drop
twenty or so zombies every half-hour.  Both were from freshmeat. 

	I've set up (and am currently using) IPNat.  I have a problem with
it - it's ugly, and it introduces security holes into my network.  I'm not
saying IPNat is insecure, I'm saying that I'm not perfect, and the
likelihood of me missing something in setup isn't ignorable.

	I want this machine to accept connections on ports 21, 25, 110,
and a few in the 566x range, and forward them to specific machines in
the DMZ.  I *don't* want to be able to see the world from my protected
network.  I'm looking for a simple, stand-alone daemon to proxy these
requests for me, and to be honest, I'm shocked that this isn't included
with OpenBSD - it seems like it should be a fairly standard application.

	*Please*, if there's someone out there who's been in the same boat,
drop me a line.  I've been at this too long now, and I'm frustrated - I
just want to forward some ports!

	- Drew.

Drew Smith, UNIX Network Administrator
Pacific Corporate Trust Company, Vancouver
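
Added example, not part of the original thread or of any tool named in it: a minimal fixed-destination TCP forwarder of the kind the question describes, where each listening port maps to exactly one DMZ host:port, connections are capped, and no child processes are forked. The hostnames, the bind address and the function names are assumptions made for illustration.

```python
import asyncio

# Constructed mapping: listen port -> one fixed DMZ destination.
# Hostnames are placeholders; the client never influences the target.
FORWARDS = {
    25: ("mailserver.dmz.example", 25),
    110: ("mailserver.dmz.example", 110),
}

async def pipe(reader, writer):
    """Copy one direction until EOF or error."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        writer.write_eof()   # clean EOF: pass the half-close along
    except OSError:
        writer.close()       # reset or error: tear down so the peer notices

def make_handler(target, limit):
    async def handle(c_reader, c_writer):
        if limit.locked():   # at the cap: refuse instead of queueing
            c_writer.close()
            return
        async with limit:
            s_writer = None
            try:
                s_reader, s_writer = await asyncio.wait_for(
                    asyncio.open_connection(*target), timeout=10)
                await asyncio.gather(pipe(c_reader, s_writer),
                                     pipe(s_reader, c_writer))
            except (OSError, asyncio.TimeoutError):
                pass         # backend unreachable: drop the client
            finally:
                c_writer.close()
                if s_writer is not None:
                    s_writer.close()
    return handle

async def start_forwarders(bind_addr, forwards, max_conns=50):
    """Listen only on bind_addr (the internal interface), one listener per port."""
    limit = asyncio.Semaphore(max_conns)
    return [await asyncio.start_server(make_handler(t, limit), bind_addr, p)
            for p, t in forwards.items()]

async def main():
    servers = await start_forwarders("192.0.2.1", FORWARDS)  # placeholder address
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

Binding ports below 1024 needs root, so the process should drop privileges after the listeners are created or be reached through a redirect from a high port.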
