From owner-freebsd-questions Tue Jun 1 13: 4:28 1999 Delivered-To: freebsd-questions@freebsd.org Received: from cygnus.rush.net (cygnus.rush.net [209.45.245.133]) by hub.freebsd.org (Postfix) with ESMTP id C21C515096 for ; Tue, 1 Jun 1999 13:04:21 -0700 (PDT) (envelope-from bright@rush.net) Received: from localhost (bright@localhost) by cygnus.rush.net (8.9.3/8.9.3) with SMTP id PAA09790; Tue, 1 Jun 1999 15:24:59 -0500 (EST) Date: Tue, 1 Jun 1999 15:24:57 -0500 (EST) From: Alfred Perlstein To: Tenacious Cc: "Scott I. Remick" , Dan Nelson , freebsd-questions@FreeBSD.ORG Subject: Re: ipfw vs. MS Proxy In-Reply-To: <00e901beac5e$fe5c07a0$3c29a8c0@tci.rdo> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 1 Jun 1999, Tenacious wrote: > > On Tue, 1 Jun 1999, Scott I. Remick wrote: > > > > > At 02:07 PM 6/1/1999 , you wrote: > > > This was my understanding as well. I've actually looked at squid. > > > > > > >Exactly what are the advertised features of MS Proxy, and what are the > > > >features you are looking for? > > > > > > They're looking at it from a security standpoint. Which I agree with > > > totally... I've always wanted a firewall. There never seems to be money > > > available for my FreeBSD projects, but if someone describes the same > need > > > using MS "solutions", then everyone gets excited :( > > > > I'm quite sure MS-proxy is the correct choice for you, it's VERY > > cool, it'll even proxy outside connections INTO your network! > > You need more hardware resources for MS-proxy than proxy for BSD. The above statement was sacasm directed at MS-proxy's "security". Search bugtraq. see: > > Do yourself a big favor and search bugtraq for this, supposeddly > > people were able to fool ms-proxy into making internal connections > > to proxied networks by spoofing proxy requests. > > > > > The idea is to do just what a firewall does: filter traffic between our > > > private network and the outside world. I'd like to see a FreeBSD box > with > > > 2 NICs dropped into place, running ipfw, to perform this task fairly > > > invisibly. They'd like to use MS solutions because "that's what we > sell" > > > and they don't like FreeBSD solutions because NOEKI (No One Else Knows > It) > > > except for me. Grrr. > > > > Buy them the Complete FreeBSD. Explain that you'll save them > > 2000$+cost of ms-proxy. IPFW syntax isn't that horrible to > > master. > > Don't forget the cost of NT Server. 2000$ == NT server. no? > > > I'm not totally up on either, but I've got some concerns that MS Proxy > is > > > even up for the task that they want to give it. Sure, it can proxy and > > > cache HTTP info and the like, but I don't think it's much of a > firewall... > > > am I correct? Hopefully someone can help me out here. > > > > Using MS products as a firewall solution is cool, because when > > you blue screen, you effectively completely firewall off your > > entire operation. > > Blue screen is part of the Windows. *nod* It'd be cool if you could customize the colors ala the Imac. :) -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message