From owner-freebsd-questions Sun Dec 15 09:42:58 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id JAA16563 for questions-outgoing; Sun, 15 Dec 1996 09:42:58 -0800 (PST) Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id JAA16558 for ; Sun, 15 Dec 1996 09:42:53 -0800 (PST) Received: (from nadav@localhost) by gatekeeper.barcode.co.il (8.7.5/8.6.12) id TAA00856; Sun, 15 Dec 1996 19:42:48 +0200 (IST) Date: Sun, 15 Dec 1996 19:42:48 +0200 (IST) From: Nadav Eiron To: Ahmad Lokman cc: "'freebsd-questions@freebsd.org'" Subject: Re: Proxy software for FreeBSD 2.1 Release In-Reply-To: <01BBEAE4.F83E5BE0@sting.alurtenaga.com.my> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 16 Dec 1996, Ahmad Lokman wrote: > I would to know how do i configure the FreeBSD server as a firewall server or > bastion host and do proxy for popular sockets such as telnet, ftp, > smtp, http and etc. If any one of you know or have experience with it > please reply to me. > > Any help would be highly appreciated > > regards, > alhh > First, 2.1.5 (and 2.1.6) are better suited to such a task as they have a much better version of the IP packet filter ipfw. Proxies for most of the services you may require are included in the TIS fwtk (it is in the ports collection). However, you may want to use a caching http proxy (like squid, also in the ports) to improve performance. The most important thing of all is to know what you're doing and have a clear policy of what you *want* to do. A good firewall is much more than the right software. My favorite book on the subject is: Firewalls and Internet Security - Repelling the Wily Hacker William R. Cheswick & Steven M. Bellovin Addison-Wesley ISBN: 0-201-63357-4 Good luck, Nadav