Re: firewalling theory
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: firewalling theory
- From: Greg Thomas <getbsd_(_at_)_sbcglobal_(_dot_)_net>
- Date: Thu, 7 Feb 2002 20:54:32 -0800
On Thursday, February 7, 2002, at 07:34 PM, marco wrote:
> The bad thing about proxies is that one needs a proxy-program that does
> its thing between the client and the server. For example, if one needs
> telnet then the proxy server needs to run an agent that transforms the
> packets from the client into packets that go to the server. Nice concept
> because you do have a physical separation between the client and the
> server. The bad thing is let's say somebody comes up with the next
> killer-app called connectme running on port 1034, the proxy server needs
> to be re-written to add in the newest agent.
Yep, I work for an extremely large and diversified company, we seem to
have more business units than most companies have employees, and in
their infinite wisdom they've limited us to http, telnet, and ftp
proxies. And I doubt we'll ever get anything else. The ftp proxy sucks
so bad and telnet in general sucks that thankfully our director was able
to get us our own T1 so we could better manage our co-located servers
(without telnet). If the CSO knew I had two NICs in my computer, one
for the internal network and one for our T1, she'd roast me.
Never trust a top-poster.