From owner-freebsd-security  Tue Jan 19 23:06:48 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA14816
          for freebsd-security-outgoing; Tue, 19 Jan 1999 23:06:48 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from idea.co.uk (ultra2.idea.co.uk [194.36.20.11])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA14800
          for <freebsd-security@freebsd.org>; Tue, 19 Jan 1999 23:06:27 -0800 (PST)
          (envelope-from kiril@idea.co.uk)
Received: (from kiril@localhost)
	by idea.co.uk (8.9.2/8.9.2) id HAA26541
	for freebsd-security@freebsd.org; Wed, 20 Jan 1999 07:03:59 GMT
From: Kiril Mitev <kiril@idea.co.uk>
Message-Id: <199901200703.HAA26541@idea.co.uk>
Subject: optimal fwall/proxy cfg for www ?
To: freebsd-security@FreeBSD.ORG
Date: Wed, 20 Jan 1999 07:03:58 +0000 (GMT)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I wonder if anyone can suggest what are the tradeoffs between
those two scenarios, assuming a non-forwarding gateway or
firewall:

1. run squid on the firewall. this i am quite sure is the
faster option both to configure & run

2. run squid outside of the firewall and (say) FWTK's http
proxy on the firewall, or

3. <gasp> run squid inside the firewall, with the same 
http proxy on the f/wall.

comments/ideas/flames, please...

Kiril

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message