Date: Tue, 1 Jun 1999 14:45:54 -0400 From: "Tenacious" <tMind@bigfoot.com> To: "Alfred Perlstein" <bright@rush.net>, "Scott I. Remick" <scott@computeralt.com> Cc: "Dan Nelson" <dnelson@emsphone.com>, <freebsd-questions@freebsd.org> Subject: Re: ipfw vs. MS Proxy Message-ID: <00e901beac5e$fe5c07a0$3c29a8c0@tci.rdo> References: <Pine.BSF.3.96.990601135326.9491w-100000@cygnus.rush.net>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: Alfred Perlstein <bright@rush.net> To: Scott I. Remick <scott@computeralt.com> Cc: Dan Nelson <dnelson@emsphone.com>; <freebsd-questions@freebsd.org> Sent: Tuesday, June 01, 1999 2:59 PM Subject: Re: ipfw vs. MS Proxy > On Tue, 1 Jun 1999, Scott I. Remick wrote: > > > At 02:07 PM 6/1/1999 , you wrote: > > >ipfw is packet filtering, not proxying. For that you probably want > > >squid and/or natd. Another choices can be TIS and Apache. > > > > This was my understanding as well. I've actually looked at squid. > > > > >Exactly what are the advertised features of MS Proxy, and what are the > > >features you are looking for? > > > > They're looking at it from a security standpoint. Which I agree with > > totally... I've always wanted a firewall. There never seems to be money > > available for my FreeBSD projects, but if someone describes the same need > > using MS "solutions", then everyone gets excited :( > > I'm quite sure MS-proxy is the correct choice for you, it's VERY > cool, it'll even proxy outside connections INTO your network! You need more hardware resources for MS-proxy than proxy for BSD. > > Do yourself a big favor and search bugtraq for this, supposeddly > people were able to fool ms-proxy into making internal connections > to proxied networks by spoofing proxy requests. > > > The idea is to do just what a firewall does: filter traffic between our > > private network and the outside world. I'd like to see a FreeBSD box with > > 2 NICs dropped into place, running ipfw, to perform this task fairly > > invisibly. They'd like to use MS solutions because "that's what we sell" > > and they don't like FreeBSD solutions because NOEKI (No One Else Knows It) > > except for me. Grrr. > > Buy them the Complete FreeBSD. Explain that you'll save them > 2000$+cost of ms-proxy. IPFW syntax isn't that horrible to > master. Don't forget the cost of NT Server. > > > I'm not totally up on either, but I've got some concerns that MS Proxy is > > even up for the task that they want to give it. Sure, it can proxy and > > cache HTTP info and the like, but I don't think it's much of a firewall... > > am I correct? Hopefully someone can help me out here. > > Using MS products as a firewall solution is cool, because when > you blue screen, you effectively completely firewall off your > entire operation. Blue screen is part of the Windows. > > </sarcasm> > > It's a shame your co-workers seem to be lacking clue. Good luck > with your advocacy. :) > > -Alfred > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00e901beac5e$fe5c07a0$3c29a8c0>