Sometimes it is not feasible to run a separate WWW or Gopher server outside your firewall. Because of hardware or other constraints, you cannot devote a separate system to be your WWW server. Or, you do not expect enough traffic to justify another system, but still want to offer WWW services to your customers. Instead, you want to run the WWW server securely on the firewall itself. Most WWW servers are large programs, making it harder to ensure that they do not have any security holes.
The Info Server included with the Gauntlet Firewall securely services requests for HTTP and Gopher services.
The following sections explain how the Info Server works, how to configure the server for the various protocols, and how to use the server:
The Gauntlet Info Server is a minimal Web server. The server, which runs on the firewall, works with a set of management tools to service HTTP and Gopher requests. You can configure the server to allow connections based on:
source IP address
source hostname
You would use the Gauntlet Info Server in place of another HTTP server (such as the CERN or Netscape HTTP servers) or Gopher server (such as the University of Minnesota Gopher Server).
The Info Server implements a minimalist design, in which the server itself handles only the file requests. A set of smaller management tools (one per service) actually provides the data. Because these programs are small, they are easier to analyze and to verify as free of security holes: simpler code is easier to verify.
The Info Server (info-gw) runs on the firewall as a daemon listening for TCP-based requests on port 8000. When the firewall receives a request, it forks a child copy of the Info Server, leaving the parent Info Server to continue listening for requests.
The child Info Server process looks at the request and places it in one of several categories (such as Gopher or HTTP).
It checks the appropriate configuration information and determines whether the requesting host has permission to use the desired service. If the host does not have permission, the Info Server logs the connection and displays an error message.
If the host has permission to use the service, the Info Server uses its internal database (by default in /usr/local/etc/infodb) to find the requested file or to go to the requested directory. The client thinks it is talking to a regular HTTP or Gopher server, even though it is not.
When the Info Server processes a request, it does not use standard directory commands to traverse the file hierarchy on the firewall. Instead, the Info Server uses a database manager, which translates the HTTP or Gopher request into the internal database structure. The database manager then tells the Info Server the actual name of the file, which the server displays or returns to the client. The database uses /usr/local/etc/infodb as the root directory for the database.
The database structure restricts the characters that can appear in a filename and translates others. It uses the first letter of each file and directory name to indicate the type of file or directory.
The database structure recognizes only those directories with names that start with the letter D. When the Info Server receives an HTTP request for a file in the images directory, the database manager translates the request and looks in the Dimages directory.
The database structure also translates other characters in directory names. It translates the dot (.) character in file names to the zero (0) character. When the Info Server receives a request to go to the directory /../../etc, the database manager translates the request and looks for the directory D/D00/D00/Detc. Because the root directory of the database is actually /usr/local/etc/infodb, the Info Server is actually looking for /usr/local/etc/infodb/D/D00/D00/Detc.
Note: The Info Server always looks for files within its own directory tree. It does not and cannot move back out of its directory tree to other areas of the system, as some HTTP or Gopher servers do.
The database structure recognizes only those data files with names that start with the letter A. When the Info Server receives a request for the file readme, the database manager translates the request and looks for the file Areadme. HTTP and Gopher requests both return these files.
The database structure looks for HTTP header files (for HTTP version 1.0) in files that start with H. These contain information about the document, such as content length and encoding, and are sent with each download.
The database structure also limits the characters that can exist in filenames. It translates the dot (.) character in filenames to the zero (0) character. When the Info Server receives a request for the file latest.gz, the database manager translates the request and looks for the file Alatest0gz.
In many cases, the files that start with A and H are actually symbolic links to the real text or binary file. For example, the file Alatest0gz would actually be a symbolic link to latest.gz. For text files, the A file is generally a copy of the actual data file with every line terminated with a carriage return/line-feed pair. You do not need to create files specifically for use with the Info Server. You merely need to create symbolic links or copies of the files that the database understands.
The database structure recognizes only those query programs and executables with names that start with the letter Q. When the Info Server receives an HTTP request that contains a query, such as animals?dogs, the database manager translates the request and tries to run the program Qanimals. The database manager passes all the information after the query marker (? for HTTP requests and a Tab for Gopher requests) to the query program.
The Q files are usually symbolic links to the executable program. For example, the program Qimagemap could actually be a symbolic link to imagemap.
When the Info Server receives a request to display a Gopher menu, it instead returns a specific file that contains the list of files that you wish to display for that directory. For example, when the Info Server receives a Gopher request for the menu in a directory, the database manager translates this request and returns a file with a name that begins with G in the current directory. The client displays a menu of files that looks like the list of files you might see with any other Gopher server.
The G files are actual files that contain Gopher menus. You create the files, listing only those files that you wish to appear in the menu. For example, the Gmenu file could contain only the list of files that you want anyone to view, even though you have other files in the directory.
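The following added example (not Gauntlet's own code) models the name translation described above so that the effect on a request containing ".." can be seen. It assumes that only the documented dot-to-zero translation is applied, that every other character passes through unchanged, and that a request ending in "/" (or flagged with directory=True) names a directory.

```python
#!/usr/bin/env python3
"""Model of the Info Server database name translation (added example).

Assumptions not taken from the manual: only '.' -> '0' is translated, other
characters pass through, and a trailing '/' or directory=True marks a
directory request.
"""

INFODB_ROOT = "/usr/local/etc/infodb"   # database root named in the manual


def _translate(component: str) -> str:
    # Documented rule: '.' becomes '0', so '..' becomes '00'.
    return component.replace(".", "0")


def translate_request(path: str, directory: bool = False) -> dict:
    """Map an HTTP/Gopher request path onto the database entry it names.

    Returns the kind ('dir', 'file' or 'query'), the path the Info Server
    would actually open under INFODB_ROOT, the H header file that goes
    with a data file, and the argument handed to a Q query program.
    """
    query_arg = None
    if "?" in path:                                   # HTTP query marker
        path, query_arg = path.split("?", 1)
    parts = [p for p in path.split("/") if p]         # '..' and '.' kept literally
    if query_arg is not None and not parts:
        raise ValueError("a query must name a program")
    is_dir = query_arg is None and (directory or path.endswith("/") or not parts)
    dirs = parts if is_dir else parts[:-1]
    # Request '/' corresponds to infodb/D; each subdirectory gets a D prefix.
    base = "/".join([INFODB_ROOT, "D"] + ["D" + _translate(d) for d in dirs])
    if is_dir:
        return {"kind": "dir", "db_path": base, "header": None, "query_arg": None}
    leaf = _translate(parts[-1])
    if query_arg is not None:
        return {"kind": "query", "db_path": f"{base}/Q{leaf}",
                "header": None, "query_arg": query_arg}
    return {"kind": "file", "db_path": f"{base}/A{leaf}",
            "header": f"{base}/H{leaf}", "query_arg": None}


def stays_inside_root(db_path: str) -> bool:
    """True when every component below the root starts with a type letter:
    a translated '..' is now 'D00', so the lookup can never leave the tree."""
    rel = db_path[len(INFODB_ROOT) + 1:]
    return all(c and c[0] in "DAHQG" and c != ".." for c in rel.split("/"))


if __name__ == "__main__":
    for req, as_dir in [("/images/logo.gif", False), ("/../../etc", True),
                        ("/../../etc/passwd", False), ("/animals?dogs", False)]:
        r = translate_request(req, directory=as_dir)
        print(f"{req:20} -> {r['kind']:5} {r['db_path']} "
              f"inside={stays_inside_root(r['db_path'])}")
```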
To access the Info Server configuration:
Configuring the Gauntlet Firewall to run an Info Server involves planning, creating files, placing files on the firewall, adding files to the database, and enabling the proxy.
Determine which services (HTTP, or Gopher) you wish to offer.
Determine who will put the files onto the firewall. Remember that if you want your WWW or Gopher administrator to have access, you need to give them an account on the firewall, which is not recommended. Instead, make arrangements with your WWW or Gopher administrator to periodically transfer files for them.
Create your text and executable files as you would for use with any HTTP or Gopher server. You do not need to modify references to directories or to executables within your documents.
To set up your files for use with the Info Server on the firewall:
Log into the firewall and become root.
Create your directory structure under /usr/local/etc/infodb/D.
Prefix each directory with the letter D when you create the directory. For example, if you want to keep all of your pictures in the images directory, use these commands:
# cd /usr/local/etc/infodb/D
# mkdir Dimages
Copy all your files (HTML, text files, executables, and pictures) to the appropriate directory.
This process creates the A and H files for HTML files, the Q files for queries, and so forth. The process differs slightly for text and binary files.
Adding text files to the database creates the necessary A and H files in the database. Use the addtext program (/usr/local/etc/infodb/tools/addtext).
To add text files to the database:
Create the A and H files with these commands:
addtext file ctfiletype
file is the name of the text file. ctfiletype is one of the default header file types used to create an HTTP version 1.0 header file; it can be either of these:
cthtml—HTML text header (default)
cttext—Text header
Consult /usr/local/etc/infodb/tools for a list of currently available sample headers. Use these files as templates to create your own header files, if necessary.
Repeat this process for every file you wish to have accessible via the Info Server.
Adding binary files to the database creates the necessary A and H files for images. Use the addfile program (/usr/local/etc/infodb/tools/addfile).
To add binary files to the database:
Create the A and H files with these commands:
addfile file ctfiletype
file is the name of the binary file. ctfiletype is one of the default header file types used to create an HTTP version 1.0 header file, and can be one of the following:
Consult /usr/local/etc/infodb/tools for a list of currently available sample headers. Use these files as templates to create your own header files, if necessary.
Repeat this process for each binary file you want to have accessible via the Info Server.
Adding query files to the database creates the necessary symbolic links for the query file.
To add query files:
Create the symbolic link:
# ln -s file Qfilename
file is the path and name of the actual query executable. Qfilename is the name of the executable prefixed with a Q and with any periods converted to the zero (0) character.
Repeat this process for each query file you wish to have accessible via the Info Server.
A Gopher menu file is the text file that the Info Server returns when it receives a request for a Gopher menu.
To create Gopher menus:
Execute the list command and redirect it to a file that starts with G. You may wish to restrict the files that the command displays, so that it looks like a normal Gopher menu. See the makedirlist script for examples of redirecting list files to text files for the Info Server.
Modify the resulting file and add the other standard Gopher menu fields.
On the Info window, click Enabled.
Add the Info Server configuration to the service groups you want to use the Info Server.
Before exiting the Gauntlet Firewall Manager, save and apply your changes.
The firewall enables the Info Server.
Advertise your HTTP or Gopher Server to your customers or the world. Be sure to:
Advertise the outside IP address of the firewall for customers outside your defense perimeter. For example, Yoyodyne tells customers to visit this web site:
http://fire-out.yoyodyne.com:8000/welcome.html
For added security, you should not advertise that the Info Server is running on the firewall. For example, Yoyodyne should create another record in its DNS database indicating that the name www.yoyodyne.com maps to the outside interface of the firewall. This would allow it to use this URL:
http://www.yoyodyne.com:8000/welcome.html
Advertise the inside IP address of the firewall for your own users. For example, Yoyodyne tells its employees on the inside network to use this URL:
http://10.0.1.100:8000/welcome.html
Specify which connections should use port 8000 for HTTP and Gopher requests.