Date: Fri, 20 Mar 1998 23:57:17 -0600 From: Graphic Rezidew <rezidew@rezidew.net> To: Bryan Swann <swann@nosc.mil> Cc: Open Systems Networking <opsys@mail.webspan.net>, freebsd-security@FreeBSD.ORG Subject: Re: I need some proxies! :) Message-ID: <351356BD.F971649E@rezidew.net> References: <Pine.GSO.3.96.980320114744.2174A-100000@mailbox>
next in thread | previous in thread | raw e-mail | index | archive | help
I completely understand that there MAY be cause for having a seperate
ipfw
and proxy server. I was just wondering if it were absolutely necessary
in
this case. I understand the pinch that corporate security guys can put
on
a project and that's all I was wondering.
Bryan Swann wrote:
>
> In case you didm't see my last post, there are valid reasons for having a
> seperate web proxy server. A web proxy like SQUID not only serves as a
> proxy, it caches the web data. When SQUID already has a web page in
> cache, there is no need fot it to go out on the Internat to get it. This
> can greatly reduce the amount of traffic going through the firewall.
>
> A second reason for a seperate web proxy is to reduce the processing the
> firewall has to perform. The firewall could simply use a packet screen
> rule, instead of a proxy, to only allow the REAL proxy server external
> access. The packet screen requires less processing than the proxy.
>
> I'm currently aiding a group in developing a parallel firewall solution.
> This design will include an internal web proxy/cache server.
---big snip---
> > Just out of curiosity, why would you need a proxy on the "inside" of the
> > ''firewall''? I could see using it in select situations, but you may be
> > walking up a hill that you don't need to.
---snip---
--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
One of the advantages of being a captain is being able to ask for
advice without necessarily having to take it.
-- Kirk, "Dagger of the Mind", stardate 2715.2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Graphic Rezidew
rezidew@rezidew.net
http://Graphic.Rezidew.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?351356BD.F971649E>