> TCP layer proxies are also able to insulate your network from
> "broken TCP packets". The problem is that unless you run a
> well-written TCP proxy, you then open up your firewall to attack.
>
> If you're just using this to forward to SSH, then I'd be
> using packet-forwarding. If it's web, I'd probably run Squid
> or similar in front of your web-server. But straight "TCP
> proxies" don't offer that many benefits on their own unless
> you have very specialised needs (assuming you keep your
> kernels patched on the machines in your network).

Thanks. We use simpleproxy (http://sourceforge.net/projects/simpleproxy/) mainly to forward Citrix connections to multiple internal Windows 2003 servers and one firewall to an Exchange server. Incoming traffic can be high at times so speed and stability are important. I also think the likelihood of simpleproxy failing is higher than using iptables (?).

Carlo

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
