From owner-freebsd-questions Sat Jul 10 17:55:15 1999 Delivered-To: freebsd-questions@freebsd.org Received: from ns.clientlogic.com (ns.clientlogic.com [207.51.66.75]) by hub.freebsd.org (Postfix) with ESMTP id 8CA0B14D54 for ; Sat, 10 Jul 1999 17:54:43 -0700 (PDT) (envelope-from ChrisMic@clientlogic.com) Received: by site0s1 with Internet Mail Service (5.5.2448.0) id <3DAYWTWX>; Sat, 10 Jul 1999 20:54:44 -0400 Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105A95@site2s1> From: Christopher Michaels To: "'jmutter@netwalk.com'" , freebsd-questions@freebsd.org Subject: RE: FreeBSD as a proxy server Date: Sat, 10 Jul 1999 20:56:43 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'll try and field a few of these. > -----Original Message----- > From: James A. Mutter [SMTP:jmutter@netwalk.com] > Sent: Saturday, July 03, 1999 1:57 PM > To: freebsd-questions@freebsd.org > Subject: FreeBSD as a proxy server > > > Howdy all, > > I'm going to be building a proxy server for work in the next few > weeks. I've got a couple of questions. > > 1. Is Squid my only alternative? I've used it before and don't mind > doing it again, but if there are alternatives I'd like to know about > them. Payware and Freeware are both acceptable. > A quick search through the ports collection shows up. Squid, tinyproxy, transproxy, wcolEpro-1998.07.13, wwwoffle. I personally use Squid and like it, but I don't serve that many users. > 2. What type of hardware am I looking at? I was considering an AMD > K6/2 300/350/400 + 128M + 4.5 Wide SCSI. It will only serve between > 30 and 50 users and internet activity will be kept to a minimum. > Sounds fine to me, I have several K6-2 chips and they are good performers. > 3. How do I configure the box so that the only access to the outside > world is though the proxy? Can I just take proxied ports out of > /etc/services? This seems like the wrong answer, but I've never done > this before so maybe it is the right way to do it. > You'd probably want to comment out entries in /etc/inetd.conf, not /etc/services. Also take a look at setting up the firewall (ipfw or ipfilter). > 4. Finally, the higher-ups are worried about virii. Is it possible > to scan downloads including ActiveX and Java/Javascript at the proxy > before they are passed on to the client machines? Again, payware is > an acceptable solution. I believe that solutions such as this exist > for NT, but I've not seen anything for FreeBSD. > This I don't know. Sorry. :( > As usual, any responses, suggestions, life-lessons, and even random > chatter are appreciated! > > Thanks again, > Jim > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message