Date: Tue, 1 Jun 1999 13:59:47 -0500 (EST)
From: Alfred Perlstein <bright@rush.net>
To: "Scott I. Remick" <scott@computeralt.com>
Cc: Dan Nelson <dnelson@emsphone.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw vs. MS Proxy
Message-ID: <Pine.BSF.3.96.990601135326.9491w-100000@cygnus.rush.net>
In-Reply-To: <4.2.0.56.19990601142406.03508710@mail.computeralt.com>
On Tue, 1 Jun 1999, Scott I. Remick wrote:

> At 02:07 PM 6/1/1999 , you wrote:
> >ipfw is packet filtering, not proxying. For that you probably want
> >squid and/or natd.
>
> This was my understanding as well. I've actually looked at squid.
>
> >Exactly what are the advertised features of MS Proxy, and what are the
> >features you are looking for?
>
> They're looking at it from a security standpoint. Which I agree with
> totally... I've always wanted a firewall. There never seems to be money
> available for my FreeBSD projects, but if someone describes the same need
> using MS "solutions", then everyone gets excited :(

I'm quite sure MS-proxy is the correct choice for you, it's VERY cool, it'll even proxy outside connections INTO your network!

Do yourself a big favor and search bugtraq for this, supposedly people were able to fool ms-proxy into making internal connections to proxied networks by spoofing proxy requests.

> The idea is to do just what a firewall does: filter traffic between our
> private network and the outside world. I'd like to see a FreeBSD box with
> 2 NICs dropped into place, running ipfw, to perform this task fairly
> invisibly. They'd like to use MS solutions because "that's what we sell"
> and they don't like FreeBSD solutions because NOEKI (No One Else Knows It)
> except for me. Grrr.

Buy them the Complete FreeBSD. Explain that you'll save them 2000$+cost of ms-proxy. IPFW syntax isn't that horrible to master.

> I'm not totally up on either, but I've got some concerns that MS Proxy is
> even up for the task that they want to give it. Sure, it can proxy and
> cache HTTP info and the like, but I don't think it's much of a firewall...
> am I correct? Hopefully someone can help me out here.

Using MS products as a firewall solution is cool, because when you blue screen, you effectively completely firewall off your entire operation. </sarcasm>

It's a shame your co-workers seem to be lacking clue.

Good luck with your advocacy.
:)

-Alfred