Date: Thu, 15 Jan 2004 22:03:51 +1100
From: Tony Frank
To: "Nicol?s de Bari Embr?z G. R."
Cc: freebsd-net@freebsd.org
Subject: Re: Secure MSN and ICQ chat

Hi there,

On Wed, Jan 14, 2004 at 09:49:58PM -0600, Nicol?s de Bari Embr?z G. R. wrote:
> Right now I have a tunnel with IPSEC to another FreeBSD Server the one is
> on a secure network and on a different building, what I was thinking to
> do, was to install a proxy on the Secure FreeBSD server and configure the
> MSN/ICQ clients to use that proxy so only that traffic could go out using
> the secure network.
>
> I would like to know if there is a better option for securing these
> communications, or if this idea is fine and what proxy software do you
> recommend to install for doing this.

If you don't mind configuring all your users then you can use a SOCKS proxy
on the secure FreeBSD server.
I use 'nylon' from ports for this purpose quite effectively (although only
for a home network of up to about 5 clients).

Another option is to simply route the MSN/ICQ traffic across to the other
server.
Either route everything through the ipsec link to the other server (i.e. make
it your default route) or if you know the MSN/ICQ server IP range you can
just route the specific subnets.

Regards,

Tony
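
The following is an added example, not part of the original message: a check for the "route the specific subnets" option that reports which observed IM server addresses would bypass the IPsec link under a given routing table. All addresses are constructed documentation ranges (not real MSN/ICQ servers), and the hop names "tunnel" and "isp" are hypothetical labels.

```python
import ipaddress

# Constructed routing tables for the client-side gateway (assumption: the hop
# labelled "tunnel" is the IPsec link, "isp" is the ordinary uplink).
SPLIT_ROUTES = [
    ("0.0.0.0/0", "isp"),           # default route stays on the local uplink
    ("198.51.100.0/24", "tunnel"),  # assumed IM server subnet 1
    ("203.0.113.0/25", "tunnel"),   # assumed IM server subnet 2 (half of a /24)
]
FULL_TUNNEL_ROUTES = [("0.0.0.0/0", "tunnel")]  # tunnel as default route


def next_hop(routes, dest):
    """Return the next hop chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def leaking_destinations(routes, im_servers, secure_hop="tunnel"):
    """List IM server addresses whose traffic would not use the secure hop."""
    return [ip for ip in im_servers if next_hop(routes, ip) != secure_hop]


# Constructed sample of addresses the IM clients were seen connecting to.
OBSERVED_IM_SERVERS = ["198.51.100.20", "203.0.113.10", "203.0.113.200"]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_ROUTES), ("full", FULL_TUNNEL_ROUTES)):
        print(name, "leaks:", leaking_destinations(table, OBSERVED_IM_SERVERS))
```

With subnet-specific routes, any server address outside the listed prefixes follows the default route, so the list of observed destinations needs re-checking whenever the service's address range changes.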