Date: Mon, 2 Feb 2004 19:30:19 +0100 From: Jorn Argelo <jorn@wcborstel.nl> To: <Barbish3@adelphia.net> Cc: questions@freebsd.org Subject: Re: proxies and firewalls Message-ID: <200402021930.19028.jorn@wcborstel.nl> In-Reply-To: <MIEPLLIBMLEEABPDBIEGMEJKFHAA.Barbish3@adelphia.net> References: <MIEPLLIBMLEEABPDBIEGMEJKFHAA.Barbish3@adelphia.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 02 February 2004 19:04, you wrote: > Thanks for the detailed explanation. > The light bulb has turned on in my head. > I learn something new all the time on this list. > > So let me put this in my own words to verify I understand correctly. > Lets say I have gateway box running 5 PCs on LAN behind it, > with cable dhcp connection to ISP. > The gateway box runs IPFILTER firewall and IPNAT to do NAT function. > > I can discontinue using IPNAT and install an application level proxy > server on my gateway box and it will by default intercept all LAN > and gateway originating packet traffic destine for the public > internet after it's processed by my firewall and handle the > bi-directional traffic transparently? Well, at home I'm using both NAT and a proxy server, but that's because I can't play some online games by means of the proxy server, and the MSN clients are refusing to work my proxy server as well, but for browsing all four the computers are using the proxy server. I'm not running a firewall, because the proxy server provides decent security for home use here. All the ports are closed except those which are needed. (Webserver, Mail server etc) If you're at a small company then the current situation you describe seems just fine to me. If you're at home then you can use this as well, but if you got a gamer at home he isn't going to be happy since you can't really use a proxy for online gaming. So it depends a bit.... Hope this helped a bit. Cheers, Jorn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402021930.19028.jorn>