I completely understand that there MAY be cause for having a seperate
ipfw
and proxy server. I was just wondering if it were absolutely necessary
in
this case. I understand the pinch that corporate security guys can put
on
a project and that's all I was wondering.
Bryan Swann wrote:
>
> In case you didm't see my last post, there are valid reasons for having a
> seperate web proxy server. A web proxy like SQUID not only serves as a
> proxy, it caches the web data. When SQUID already has a web page in
> cache, there is no need fot it to go out on the Internat to get it. This
> can greatly reduce the amount of traffic going through the firewall.
>
> A second reason for a seperate web proxy is to reduce the processing the
> firewall has to perform. The firewall could simply use a packet screen
> rule, instead of a proxy, to only allow the REAL proxy server external
> access. The packet screen requires less processing than the proxy.
>
> I'm currently aiding a group in developing a parallel firewall solution.
> This design will include an internal web proxy/cache server.
---big snip---
> > Just out of curiosity, why would you need a proxy on the "inside" of the
> > ''firewall''? I could see using it in select situations, but you may be
> > walking up a hill that you don't need to.
---snip---
--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
One of the advantages of being a captain is being able to ask for
advice without necessarily having to take it.
-- Kirk, "Dagger of the Mind", stardate 2715.2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Graphic Rezidew
rezidew@rezidew.net
http://Graphic.Rezidew.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message