Date: Thu, 15 Nov 2001 04:26:34 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Mike Tancsa <mike@sentex.net> Cc: anderson@centtech.com, freebsd-security@FreeBSD.ORG Subject: Re: NAT vs Application layer proxy Message-ID: <200111151226.fAFCQof21790@cwsys.cwsent.com> In-Reply-To: Your message of "Mon, 12 Nov 2001 09:22:20 EST." <5.1.0.14.0.20011112091952.06b2cb30@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <5.1.0.14.0.20011112091952.06b2cb30@marble.sentex.ca>, Mike Tancsa w rites: > At 08:24 AM 11/12/01 -0600, Eric Anderson wrote: > >What are some of the advantages/disadvantages of an > >application layer proxy server, versus a box running NAT > >with packet filtering on it (like ipfilter or IPFW)? > > Auditing is a big one. Also, you can do neat things like block NIMDA > infected sites with Squid. I've been playing with SquidGuard lately to filter web traffic based upon content, regexp matches within domainname, and network blocks. Many people at work with children have expressed interest, given that an old PC (who doesn't have an old PC lying around these days) running FreeBSD + IP Filter is all that is needed, not to mention one gets a firewall as a bonus. squidguard.org provides updates to the database. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111151226.fAFCQof21790>