Message-ID: <351356BD.F971649E@rezidew.net>
Date: Fri, 20 Mar 1998 23:57:17 -0600
From: Graphic Rezidew
Organization: rezidew.net
To: Bryan Swann
CC: Open Systems Networking, freebsd-security@FreeBSD.ORG
Subject: Re: I need some proxies! :)

I completely understand that there MAY be cause for having a separate
ipfw and proxy server. I was just wondering if it were absolutely
necessary in this case. I understand the pinch that corporate security
guys can put on a project and that's all I was wondering.

Bryan Swann wrote:
>
> In case you didn't see my last post, there are valid reasons for having a
> separate web proxy server. A web proxy like SQUID not only serves as a
> proxy, it caches the web data. When SQUID already has a web page in
> cache, there is no need for it to go out on the Internet to get it. This
> can greatly reduce the amount of traffic going through the firewall.
>
> A second reason for a separate web proxy is to reduce the processing the
> firewall has to perform. The firewall could simply use a packet screen
> rule, instead of a proxy, to only allow the REAL proxy server external
> access. The packet screen requires less processing than the proxy.
>
> I'm currently aiding a group in developing a parallel firewall solution.
> This design will include an internal web proxy/cache server.

---big snip---

> > Just out of curiosity, why would you need a proxy on the "inside" of the
> > ''firewall''? I could see using it in select situations, but you may be
> > walking up a hill that you don't need to.

---snip---

--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
One of the advantages of being a captain is being able to ask for
advice without necessarily having to take it.
        -- Kirk, "Dagger of the Mind", stardate 2715.2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Graphic Rezidew    rezidew@rezidew.net    http://Graphic.Rezidew.net