Date: Fri, 20 Mar 1998 11:54:17 -0500 (EST) From: Bryan Swann <swann@nosc.mil> To: Graphic Rezidew <rezidew@rezidew.net> Cc: Open Systems Networking <opsys@mail.webspan.net>, freebsd-security@FreeBSD.ORG Subject: Re: I need some proxies! :) Message-ID: <Pine.GSO.3.96.980320114744.2174A-100000@mailbox> In-Reply-To: <3511D0C8.2EC8A24C@rezidew.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In case you didm't see my last post, there are valid reasons for having a seperate web proxy server. A web proxy like SQUID not only serves as a proxy, it caches the web data. When SQUID already has a web page in cache, there is no need fot it to go out on the Internat to get it. This can greatly reduce the amount of traffic going through the firewall. A second reason for a seperate web proxy is to reduce the processing the firewall has to perform. The firewall could simply use a packet screen rule, instead of a proxy, to only allow the REAL proxy server external access. The packet screen requires less processing than the proxy. I'm currently aiding a group in developing a parallel firewall solution. This design will include an internal web proxy/cache server. __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On Thu, 19 Mar 1998, Graphic Rezidew wrote: > Open Systems Networking wrote: > > > > I hate anti-commercial licenses :) > > > > I'm about to build a security/internet connection for a local corp. > > That goes a little something like this: > > > > Internet--->IPFW/NAT server--->proxy server/SKIP--->Internal lan. > > > > Just out of curiosity, why would you need a proxy on the "inside" of the > ''firewall''? I could see using it in select situations, but you may be > walking up a hill that you don't need to. > > > -- > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > I really hate this damned machine > I wish that they would sell it. > It never does quite what I want > But only what I tell it. > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Graphic Rezidew > rezidew@rezidew.net > http://Graphic.Rezidew.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.96.980320114744.2174A-100000>