Firewall Wizards mailing list archives

Best-of-breed Proxies (was Re: Proxy Firewalls ...)


From: Bennett Todd <bet () rahul net>
Date: Thu, 30 Jan 2003 13:09:28 -0500

This is a terrific list to work up. Of course it changes over
time....

2003-01-30T11:47:21 Marcus J. Ranum:
> tn-gw                         ssh

For a gateway, I've constructed a highly restrictive ssh proxy
setup.

It used a chrooted sshd with private passwd/shadow files in the
chroot jail. The login shell for the users in that private passwd
was a teensy C program, that looked up the $LOGNAME in a private
config file to get a destination host, and execed an ssh client to
that host. This prevented all port forwardings and the like.

This was work-for-hire, and I no longer have that code and couldn't
give it away if I did, but such a C wrapper is awfully trivial to
write.

> smap                          postfix

While I like Postfix best for such applications, another candidate I
wouldn't criticize is qmail. Different strengths and weaknesses,
appeals to some folks.

> dns                           bind, chrooted (finally)

djbdns --- dnscache is ideal for use as a firewall DNS proxy.

-Bennett
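The forced-destination login shell Bennett describes, written out as an added example (this is not his work-for-hire code and not part of the original post). It assumes a config file at /etc/sshgw/destinations inside the chroot, one "login destination-host" pair per line with '#' comments, and an OpenSSH client at /usr/bin/ssh inside the jail; all of those paths and the file format are assumptions, not taken from the post. The wrapper ignores its own argv, so a remote-command request from the outside client cannot be relayed, validates both $LOGNAME and the looked-up host so neither can be turned into an ssh option, and execs the client with agent, X11 and all port forwardings disabled.

```c
/* Added example: a minimal forced-destination login shell for a chrooted
 * ssh gateway. Not the original author's code. Config path, file format
 * and ssh binary location are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CONFIG_PATH "/etc/sshgw/destinations"   /* assumed path in the jail */
#define SSH_PATH    "/usr/bin/ssh"               /* assumed client location */
#define MAXHOST 255

/* Accept only a conservative hostname/IP syntax: letters, digits, '.', '-',
 * and never a leading '-' or '.', so the value can't be read by ssh as an
 * option or a relative path. */
int valid_host(const char *h)
{
    size_t len = strlen(h);
    if (len == 0 || len > MAXHOST) return 0;
    if (h[0] == '-' || h[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Parse one config line of the form "login host". Returns 1 and copies the
 * host into dest when the line is for `user` and the host is well-formed;
 * returns 0 for blanks, comments, other users or a malformed host. */
int match_line(const char *line, const char *user, char *dest, size_t destlen)
{
    char login[64], host[MAXHOST + 1];
    const char *p = line;
    while (*p == ' ' || *p == '\t') p++;
    if (*p == '\0' || *p == '\n' || *p == '#') return 0;
    if (sscanf(p, "%63s %255s", login, host) != 2) return 0;
    if (strcmp(login, user) != 0) return 0;
    if (!valid_host(host)) return 0;
    if (strlen(host) >= destlen) return 0;
    strcpy(dest, host);
    return 1;
}

/* Look `user` up in the config file: 1 on success, 0 if the file is
 * missing/unreadable or the user has no valid entry (fail closed). */
int lookup_destination(const char *path, const char *user, char *dest, size_t destlen)
{
    FILE *fp = fopen(path, "r");
    if (!fp) return 0;
    char line[512];
    int found = 0;
    while (!found && fgets(line, sizeof line, fp))
        found = match_line(line, user, dest, destlen);
    fclose(fp);
    return found;
}

int main(void)
{
    const char *user = getenv("LOGNAME");
    char dest[MAXHOST + 1];

    /* Refuse any login name that isn't a plain identifier. */
    if (!user || !*user || strlen(user) > 63) return 1;
    for (const char *c = user; *c; c++)
        if (!(isalnum((unsigned char)*c) || *c == '_' || *c == '-')) return 1;

    if (!lookup_destination(CONFIG_PATH, user, dest, sizeof dest)) {
        fputs("no destination configured for this account\n", stderr);
        return 1;
    }

    /* Exec the client with agent and X11 forwarding off, every forwarding
     * cleared, the escape character disabled, a minimal environment, and
     * no user-supplied arguments of any kind. */
    char *const argv[] = { "ssh", "-a", "-x", "-e", "none",
                           "-o", "ClearAllForwardings=yes",
                           "-o", "PermitLocalCommand=no",
                           dest, NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    execve(SSH_PATH, argv, envp);
    perror("execve");
    return 1;
}
```

Install the binary as the login shell of every account in the jail's private passwd file; the sshd_config for the jailed daemon should still set `AllowTcpForwarding no`, `X11Forwarding no` and `AllowAgentForwarding no` on the gateway side, since the client-side options above only govern the inner hop.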
