From owner-freebsd-security Mon Nov 12 6:28:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id CA43437B405 for ; Mon, 12 Nov 2001 06:28:54 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id fACESqp05474; Mon, 12 Nov 2001 09:28:53 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20011112091952.06b2cb30@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 12 Nov 2001 09:22:20 -0500 To: anderson@centtech.com, freebsd-security@FreeBSD.ORG From: Mike Tancsa Subject: Re: NAT vs Application layer proxy In-Reply-To: <3BEFDB90.9CD7AEB7@centtech.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 08:24 AM 11/12/01 -0600, Eric Anderson wrote: >What are some of the advantages/disadvantages of an >application layer proxy server, versus a box running NAT >with packet filtering on it (like ipfilter or IPFW)? Auditing is a big one. Also, you can do neat things like block NIMDA infected sites with Squid. ---Mike >Eric > > >-- >------------------------------------------------------------- >Eric Anderson anderson@centtech.com Centaur Technology >No single raindrop believes it is to blame for the flood. >------------------------------------------------------------- > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message