Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!waikato.ac.nz!comp.vuw.ac.nz!cc-server4.massey.ac.nz!G.Eustace
From: G.Eustace@massey.ac.nz (Glen Eustace)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Setting up a Firewall system, proxy-ftp and proxy-telnet, ...
Message-ID: <1991Apr29.205508.23094@massey.ac.nz>
Date: 29 Apr 91 20:55:08 GMT
References: <9104261319.AA15264@frodo.jdssc.dca.mil>
Organization: Massey University, Palmerston North, New Zealand
Lines: 24
X-Reader: NETNEWS/PC Version 2.2

Our solution to the host security situation would involve 2 major
components.
1 Our intended firewall machine, and
2 our Cisco router.

The Cisco can be set up to only allow certain kinds of IP connections to
and/or from hosts that match specific conditions.

Our intention had been to provide all of our other hosts with a version
of telnet and ftp etc. that connected internally to the firewall machine
and then had it connect to the outside world via the Cisco.

As has already been posted, the problem is the software. We need a
client front end for the various utilities, telnet, ftp etc. and a
server that could run on the firewall machine.

e.g.
Client ------------> Firewall Host -------> Cisco -----> Internet

The Cisco would be set up to only allow outgoing telnet and ftp from the
Firewall Host.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Glen Eustace, Systems Software Manager | EMail: G.Eustace@massey.ac.nz
Computer Centre, Massey University, Palmerston North, New Zealand
Phone: +64 63 69099 x7440, Fax: +64 63 505 607, Timezone: GMT-12
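
The router policy described in the post above, modelled as a filter over connection attempts. This is an added example, not part of the original post and not Cisco configuration; the addresses, port numbers chosen for the source side, and all function names are assumptions made for illustration. It goes one step beyond the post by also checking the inbound data connection that active-mode FTP opens.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (documentation ranges), assumed for this example only.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
FIREWALL_HOST = ipaddress.ip_address("192.0.2.10")
CLIENT, REMOTE = "192.0.2.77", "203.0.113.5"
TELNET, FTP_CONTROL, FTP_DATA = 23, 21, 20


@dataclass(frozen=True)
class Syn:
    """A TCP connection attempt as the router sees it."""
    src: str
    sport: int
    dst: str
    dport: int


def router_permits(syn: Syn) -> bool:
    """Permit only outgoing telnet/ftp opened by the firewall host."""
    src = ipaddress.ip_address(syn.src)
    dst = ipaddress.ip_address(syn.dst)
    outbound = src in INSIDE and dst not in INSIDE
    return outbound and src == FIREWALL_HOST and syn.dport in (TELNET, FTP_CONTROL)


def path_for(client: str, server: str, dport: int) -> str:
    """How a client session to server:dport gets out, if at all."""
    if router_permits(Syn(client, 40000, server, dport)):
        return "direct"
    # Client-to-firewall-host traffic stays inside and never crosses the router.
    if router_permits(Syn(str(FIREWALL_HOST), 40001, server, dport)):
        return "via-firewall-host"
    return "blocked"


def audit() -> dict:
    """Evaluate constructed flows against the policy."""
    return {
        "telnet": path_for(CLIENT, REMOTE, TELNET),
        "ftp": path_for(CLIENT, REMOTE, FTP_CONTROL),
        "smtp": path_for(CLIENT, REMOTE, 25),
        # Active-mode FTP: the remote server opens the data connection inward.
        "ftp_active_data_in": router_permits(Syn(REMOTE, FTP_DATA, str(FIREWALL_HOST), 40002)),
    }


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name}: {result}")
```

The `ftp_active_data_in` result is `False`: an "outgoing only" rule covers the FTP control connection but not the data connection that an active-mode server opens back toward the firewall host, so the proxy or the filter has to account for it separately.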