[EMAIL PROTECTED] wrote on 07/29/2003 12:01:57 PM:
> It is certainly possible to run a proxy server like Squid or Junkbuster
> *on* a Dachstein system, though offhand I do not recall if either one
> exists in prepackaged (.lrp) form. But ... at least in my opinion ... this
> is not an optimal setup. For best use, proxy servers want a lot of memory
> and disk space to use to cache results, and Dachstein is designed for use
> on relatively low-memory systems with limited mass storage.
>
> Perhaps more practical is running a proxy server on a full-strength Linux
> system that is on the LAN (or a related DMZ) firewalled and routed by a
> Dachstein system.

There's more to this than just the wrong style of machine. Proxy servers
are a major security risk: they run a lot more code that allows a lot more
opportunities for rooting a box. For that reason alone such code should
not be put on a firewall.
Best is what Ray mentioned: a separate box in a DMZ. There should be an
outer firewall between the DMZ and the Internet (it could even be your
Internet router, depending on how good it is), and an inner firewall
between the DMZ and your LAN (which would be a LEAF box, most likely).
This also allows you to be extremely strict in your rules on both the inner
and outer devices. For example, your outer firewall could drop all traffic
destined for port 80 that did not originate with the proxy server. Your
inner firewall could drop any traffic sourced from port 80 that did not
come from your proxy server. That will greatly limit the options of people
on your network that want to avoid the proxy server! :)
Tim Massey
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
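
The two drop rules described in the reply above, written out as an added example that is not part of the original post or of LEAF itself. It assumes iptables as the packet filter (the post names no tool), and the interface names and the proxy address 192.0.2.10 are constructed placeholders. Each function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit the outer/inner firewall rules from the post.
# Assumptions: iptables syntax, interface names, and the proxy address
# (192.0.2.10 is a documentation-range placeholder).

PROXY_IP="${PROXY_IP:-192.0.2.10}"  # proxy host in the DMZ (constructed)
WAN_IF="${WAN_IF:-eth0}"            # outer firewall: Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"            # inner firewall: LAN-facing interface

# Accept only a dotted-quad IPv4 address, so a malformed value never
# ends up inside a generated rule line.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Outer firewall (DMZ <-> Internet): log, then drop, any TCP traffic
# to port 80 leaving toward the Internet that is not from the proxy.
outer_rules() {
    valid_ipv4 "$PROXY_IP" || { echo "invalid PROXY_IP" >&2; return 1; }
    m="-o $WAN_IF -p tcp ! -s $PROXY_IP --dport 80"
    echo "iptables -A FORWARD $m -j LOG --log-prefix 'proxy-bypass-out: '"
    echo "iptables -A FORWARD $m -j DROP"
}

# Inner firewall (DMZ <-> LAN): log, then drop, any TCP traffic sourced
# from port 80 heading into the LAN that did not come from the proxy.
inner_rules() {
    valid_ipv4 "$PROXY_IP" || { echo "invalid PROXY_IP" >&2; return 1; }
    m="-o $LAN_IF -p tcp ! -s $PROXY_IP --sport 80"
    echo "iptables -A FORWARD $m -j LOG --log-prefix 'proxy-bypass-in: '"
    echo "iptables -A FORWARD $m -j DROP"
}

# Print one rule set when run as: script.sh outer | script.sh inner
case "${1:-}" in
    outer) outer_rules ;;
    inner) inner_rules ;;
esac
```

The LOG rule ahead of each DROP is an addition beyond the post: it records attempts to reach the web without going through the proxy, which is the traffic these rules exist to stop.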