From: Dewayne Geraghty
To: "'Graphic Rezidew'"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: I need some proxies! :)
Date: Fri, 20 Mar 1998 15:18:23 +1100

I think that the problem needs further clarification.

To answer your question, Graphic. You'd put a proxy behind the firewall to minimize the types of attacks that can be launched against the proxy. If the proxy has nothing but the proxy software, then this is a pretty fair solution.

A slight improvement on this strategy is to place a relay on the outside of the firewall which is permitted, via the firewall, to only access the internal proxy server.

internet - (external proxy relay/bastion host) - filter gateway - internal proxy server - internal backbone

Some books call these different things: here the "proxy server" is internal, and the "proxy relay" is external.

BTW: squid's a good choice for the internal proxy/cache server - but as I'm very new to FreeBSD (and UNIX in general), I'm unsure of what applications provide relay services?

Kind regards,
Dewayne.
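Added example, not part of the original message: one way the filter gateway in the layout above could be expressed with FreeBSD's ipfw, so that the external relay is the only outside host able to reach the internal proxy. The addresses, rule numbers and function names are constructed for illustration; port 3128 is squid's default.

```shell
#!/bin/sh
# Constructed values: documentation address for the external relay,
# private address for the internal proxy. Override via the environment.
RELAY="${RELAY:-192.0.2.10}"   # external proxy relay / bastion host
PROXY="${PROXY:-10.0.0.5}"     # internal proxy server (e.g. squid)
PORT="${PORT:-3128}"           # squid's default listening port

# Emit the gateway ruleset, one ipfw command per line.
gateway_rules() {
    cat <<EOF
ipfw add 1000 allow tcp from ${RELAY} to ${PROXY} ${PORT}
ipfw add 1100 allow tcp from ${PROXY} ${PORT} to ${RELAY} established
ipfw add 65000 deny log ip from any to any
EOF
}

# Sanity check before loading: no allow rule may use a wildcard endpoint,
# and the ruleset must end with the logged catch-all deny.
check_rules() {
    rules=$(gateway_rules)
    if printf '%s\n' "$rules" | grep ' allow ' | grep -qw 'any'; then
        return 1
    fi
    last=$(printf '%s\n' "$rules" | tail -n 1)
    case "$last" in
        *"deny log ip from any to any") return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run by default: print the rules. With APPLY=1 (as root, on the
# gateway itself) the checked rules are handed to the shell to load.
if [ "${APPLY:-0}" = 1 ]; then
    check_rules && gateway_rules | sh
else
    gateway_rules
fi
```

Rule 1100 only passes reply packets from the proxy, so the internal proxy cannot open new connections outward through the gateway under this ruleset.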