RE: hi! I is it a way to make a transparent proxy server for ftp and telnet?

From: Merton Campbell Crockett <mcc@dont-contact.us>
Date: Thu, 6 Jan 2000 06:37:52 -0800 (PST)

On Thu, 6 Jan 2000, Dave J Woolley wrote:

> > From: Eric Wang [SMTP:eric@otherways.com]
> >
> > Is it a way to make a transparent proxy server for ftp and telnet?
> >
> What possible added value would a transparent
> proxy add over simply opening port 23 on the
> firewall for telnet?

A transparent Telnet proxy changes the source address presented to the
target system.

Depending upon local security policies, the user may, or may not, be
required to authenticate. If required to authenticate, usage restrictions
may be applied based on the specific user.

If authentication is not required, the use of a transparent Telnet proxy,
typically, regulates Telnet usage by limiting the resources available for
establishing a connection.

> Similar arguments would apply to ftp, except that
> you could limit people to particular directories and
> cache (although I haven't heard of non HTTP proxies
> which do this - but haven't looked for them either).

Typically, transparent FTP proxies function the same way as Telnet proxies.

> I think the main reason that ISPs run transparent
> HTTP proxies is to force people to use the cache,
> although access filtering and market researching their
> customers might be secondary reasons.

The rationale for transparent HTTP proxies is network bandwidth management
and network performance. One of my customers recently forwarded me a copy
of an announcement from one of his ISPs that touted these benefits.

Unfortunately, the ISP is a DoD Program Office that, momentarily, forgot
that the 100,000 or so systems that were to benefit from this transparent
proxy all sat behind firewalls. The defined procedure for handling the HTTP
requests to ports other than 80 was to allow requests from a specific IP
address to bypass the proxy.

Almost all of the firewalls proxy HTTP requests, so there are only a couple
of 100 unique IP addresses being used. So once you handle the exceptions,
there's no benefit from the wonderful boxes that are being installed.

It's amazing how DoD that funded the Harvest Project through DARPA forgets
all about the benefits of the Harvest cache (Squid).

Merton Campbell Crockett
Received on Thu Jan 06 2000 - 11:26:53 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:15 MST