From owner-freebsd-questions@FreeBSD.ORG Sun Sep 14 19:47:56 2014
Message-ID: <5415F0E4.5070004@comcast.net>
Date: Sun, 14 Sep 2014 13:47:48 -0600
From: Dave Babb
To: Odhiambo Washington
Subject: Re: Proxy Server Question
References: <5415DE49.9070500@comcast.net> <5415E165.8060508@comcast.net>
Cc: User Questions

Thank you for the reply... I do appreciate feedback.

The proxy server in the FreeBSD box is the failover. The city has purchased a physical firewall appliance to bolt to the wall...And in case it fails......the server will be backup. There will be no automatic failover.....by design.

This is a small city of < 2k people. City users < 10.

I have already read about squid.....The main purpose of the email was to ascertain which proxy server is considered "best practice" in the FreeBSD world. I'll configure it all...I just don't want to deploy a package that the FreeBSD community would consider "bad form".

I come from a 20+ year relationship with Linux......I fired Linux as a technology in Q1 of this year (long story)...including for my clients. I am < 1 year on FreeBSD. So what I know in Linux... I have come to understand does not necessarily apply to FreeBSD.

This particular subject is my due diligence to ensure I am deploying a mainstream proxy as the FreeBSD community would define it.

Again, Thank you for your reply,

Sincerely and respectfully,

Dave

On 09/14/14 13:08, Odhiambo Washington wrote:
> On 14 September 2014 21:41, Dave Babb wrote:
>
> > OK. fair enough.
> >
> > Project: I have been awarded a project in which I am changing out
> > an entire city's infrastructure to be based upon FreeBSD. They
> > will have their ISP demark, which then gets fed into a physical
> > firewall appliance bolted to the wall, which then feeds the
> > FreeBSD server containing the proxy server into NIC #0.
> >
> > NIC #1 (on a different subnet) will then feed the attached devices
> > of the city, PCs, smart devices, printers via a 16 port switch.
> >
> > The purpose of the proxy servers is to put a configurable layer of
> > proxy between the average city user, and the internet at large.
> > Currently the city is infected with a lot of Windows viruses,
> > mainly due to the users (at this time) having unmanaged, unfiltered
> > access to the Internet.....
>
> So, besides the proxying, what else do you want to achieve in the
> FreeBSD box? How many users are you looking at handling on your
> network? Squid will be able to do the proxying for you, but what else
> you need to achieve, with the number of client devices you expect to
> handle simultaneously will determine what you will install and the
> sizing of this proxy machine. Besides, you will also need failover for
> this machine so that you minimize on downtime. I am thinking a good
> start will be thinking of an appliance - like those done by the
> pfSense guys. If you are not going for an
> appliance and want to get your hands dirty, you can do it too, though
> with a city, I am sure there is a budget for a suitable appliance. My
> advice - head over to the pfSense forums for a solution.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> "I can't hear you -- I'm using the scrambler."