From owner-freebsd-security Fri Mar 20 08:55:30 1998
Date: Fri, 20 Mar 1998 11:54:17 -0500 (EST)
From: Bryan Swann
To: Graphic Rezidew
cc: Open Systems Networking, freebsd-security@FreeBSD.ORG
Subject: Re: I need some proxies! :)
In-Reply-To: <3511D0C8.2EC8A24C@rezidew.net>
Sender: owner-freebsd-security@FreeBSD.ORG

In case you didn't see my last post, there are valid reasons for having a
separate web proxy server. A web proxy like SQUID not only serves as a
proxy, it caches the web data. When SQUID already has a web page in cache,
there is no need for it to go out on the Internet to get it. This can
greatly reduce the amount of traffic going through the firewall.

A second reason for a separate web proxy is to reduce the processing the
firewall has to perform. The firewall could simply use a packet screen
rule, instead of a proxy, to only allow the REAL proxy server external
access. The packet screen requires less processing than the proxy.

I'm currently aiding a group in developing a parallel firewall solution.
This design will include an internal web proxy/cache server.
__________________________________________________________________________
| Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax)           |
| Eagan McAllister Associates, Inc.                                      |
|                                                                        |
| "Everything must be working perfectly, cause I don't smell any smoke"  |
--------------------------------------------------------------------------

On Thu, 19 Mar 1998, Graphic Rezidew wrote:

> Open Systems Networking wrote:
> >
> > I hate anti-commercial licenses :)
> >
> > I'm about to build a security/internet connection for a local corp.
> > That goes a little something like this:
> >
> > Internet--->IPFW/NAT server--->proxy server/SKIP--->Internal lan.
> >
>
> Just out of curiosity, why would you need a proxy on the "inside" of the
> ''firewall''? I could see using it in select situations, but you may be
> walking up a hill that you don't need to.
>
>
> --
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> I really hate this damned machine
> I wish that they would sell it.
> It never does quite what I want
> But only what I tell it.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Graphic Rezidew
> rezidew@rezidew.net
> http://Graphic.Rezidew.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
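
The packet-screen arrangement described in the message above, sketched as an ipfw rule pair; this is an added example, not part of the original thread or anyone's actual ruleset. The proxy address, LAN prefix, internal interface name, port and rule numbers are all assumptions, and the rest of the ruleset (NAT divert, return traffic, default policy) is assumed to exist already.

```shell
#!/bin/sh
# Added example: screen rules so that only the web proxy host may reach
# outside web servers. Every value below is an assumed placeholder.

PROXY_IP="${PROXY_IP:-192.168.1.10}"   # assumed address of the Squid host
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal network
INT_IF="${INT_IF:-ed1}"                # assumed internal interface of the firewall
WEB_PORT="${WEB_PORT:-80}"             # destination port being screened
IPFW="${IPFW:-echo ipfw}"              # dry run by default; set IPFW=ipfw to load

proxy_only_rules() {
    # ipfw stops at the first matching allow/deny rule, so the allow for
    # the proxy must carry a lower number than the deny for the LAN.
    # Filtering on the internal interface keeps the match on the real
    # source address, before any NAT on the external side rewrites it.
    $IPFW add 1100 allow tcp from "$PROXY_IP" to any "$WEB_PORT" in via "$INT_IF"

    # Any other internal host that tries to bypass the proxy is dropped,
    # and the attempt is logged so misconfigured clients show up.
    $IPFW add 1200 deny log tcp from "$LAN_NET" to any "$WEB_PORT" in via "$INT_IF"
}

proxy_only_rules
```

Run as written it only prints the two commands for review; hits on rule 1200 in the firewall log point at clients that are not yet configured to use the proxy.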