From: Jorn Argelo
Date: Mon, 2 Feb 2004 19:30:19 +0100
Subject: Re: proxies and firewalls
Cc: questions@freebsd.org
Message-Id: <200402021930.19028.jorn@wcborstel.nl>

On Monday 02 February 2004 19:04, you wrote:
> Thanks for the detailed explanation.
> The light bulb has turned on in my head.
> I learn something new all the time on this list.
>
> So let me put this in my own words to verify I understand correctly.
> Let's say I have a gateway box running 5 PCs on LAN behind it,
> with cable dhcp connection to ISP.
> The gateway box runs IPFILTER firewall and IPNAT to do NAT function.
>
> I can discontinue using IPNAT and install an application level proxy
> server on my gateway box and it will by default intercept all LAN
> and gateway originating packet traffic destined for the public
> internet after it's processed by my firewall and handle the
> bi-directional traffic transparently?

Well, at home I'm using both NAT and a proxy server, but that's because I can't play some online games by means of the proxy server, and the MSN clients are refusing to work with my proxy server as well, but for browsing all four computers are using the proxy server. I'm not running a firewall, because the proxy server provides decent security for home use here. All the ports are closed except those which are needed. (Webserver, Mail server etc)

If you're at a small company then the current situation you describe seems just fine to me. If you're at home then you can use this as well, but if you've got a gamer at home he isn't going to be happy, since you can't really use a proxy for online gaming. So it depends a bit....

Hope this helped a bit.

Cheers,

Jorn