Date: Fri, 20 Mar 1998 23:57:17 -0600 From: Graphic Rezidew <rezidew@rezidew.net> To: Bryan Swann <swann@nosc.mil> Cc: Open Systems Networking <opsys@mail.webspan.net>, freebsd-security@FreeBSD.ORG Subject: Re: I need some proxies! :) Message-ID: <351356BD.F971649E@rezidew.net> References: <Pine.GSO.3.96.980320114744.2174A-100000@mailbox>
next in thread | previous in thread | raw e-mail | index | archive | help
I completely understand that there MAY be cause for having a seperate ipfw and proxy server. I was just wondering if it were absolutely necessary in this case. I understand the pinch that corporate security guys can put on a project and that's all I was wondering. Bryan Swann wrote: > > In case you didm't see my last post, there are valid reasons for having a > seperate web proxy server. A web proxy like SQUID not only serves as a > proxy, it caches the web data. When SQUID already has a web page in > cache, there is no need fot it to go out on the Internat to get it. This > can greatly reduce the amount of traffic going through the firewall. > > A second reason for a seperate web proxy is to reduce the processing the > firewall has to perform. The firewall could simply use a packet screen > rule, instead of a proxy, to only allow the REAL proxy server external > access. The packet screen requires less processing than the proxy. > > I'm currently aiding a group in developing a parallel firewall solution. > This design will include an internal web proxy/cache server. ---big snip--- > > Just out of curiosity, why would you need a proxy on the "inside" of the > > ''firewall''? I could see using it in select situations, but you may be > > walking up a hill that you don't need to. ---snip--- -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ One of the advantages of being a captain is being able to ask for advice without necessarily having to take it. -- Kirk, "Dagger of the Mind", stardate 2715.2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Graphic Rezidew rezidew@rezidew.net http://Graphic.Rezidew.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?351356BD.F971649E>