Date: Fri, 20 Mar 1998 15:18:23 +1100 From: Dewayne Geraghty <Dewayne.Geraghty@digital.com> To: "'Graphic Rezidew'" <rezidew@rezidew.net> Cc: freebsd-security@FreeBSD.ORG Subject: RE: I need some proxies! :) Message-ID: <B1977B6CC366D11195D30000F89CBDDF2D4354@snoexc1.dhcp.sno.dec.com>
next in thread | raw e-mail | index | archive | help
I think that the problem needs further clarification. To answer your question, Graphic. You'd put a proxy behind the firewall to minimize the types of attacks that can be launched against the proxy. If the proxy has nothing but the proxy software, then this is a pretty fair solution. A slight improvement on this stratgy is to place a relay on the outside of the firewall which is permitted, via the firewall, to only access the internal proxy server. internet - (external proxy relay/bastion host) - filter gateway - internal proxy server - internal backbone Some books call these different things: here the "proxy server" is internal, and the "proxy relay" is external. BTW: squid's a good choice for the internal proxy/cache server - but as I'm very new to FreeBSD (and UNIX in general), I'm unsure of what applications provide relay services? Kind regards, Dewayne. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B1977B6CC366D11195D30000F89CBDDF2D4354>