Message-ID: <00e901beac5e$fe5c07a0$3c29a8c0@tci.rdo>
From: "Tenacious"
To: "Alfred Perlstein", "Scott I. Remick"
Cc: "Dan Nelson"
Subject: Re: ipfw vs. MS Proxy
Date: Tue, 1 Jun 1999 14:45:54 -0400
Sender: owner-freebsd-questions@FreeBSD.ORG

----- Original Message -----
From: Alfred Perlstein
To: Scott I. Remick
Cc: Dan Nelson
Sent: Tuesday, June 01, 1999 2:59 PM
Subject: Re: ipfw vs. MS Proxy

> On Tue, 1 Jun 1999, Scott I. Remick wrote:
>
> > At 02:07 PM 6/1/1999 , you wrote:
> > >ipfw is packet filtering, not proxying. For that you probably want
> > >squid and/or natd.

Other choices can be TIS and Apache.

> >
> > This was my understanding as well. I've actually looked at squid.
> >
> > >Exactly what are the advertised features of MS Proxy, and what are the
> > >features you are looking for?
> >
> > They're looking at it from a security standpoint. Which I agree with
> > totally... I've always wanted a firewall. There never seems to be money
> > available for my FreeBSD projects, but if someone describes the same need
> > using MS "solutions", then everyone gets excited :(
>
> I'm quite sure MS-proxy is the correct choice for you, it's VERY
> cool, it'll even proxy outside connections INTO your network!

You need more hardware resources for MS-proxy than proxy for BSD.

>
> Do yourself a big favor and search bugtraq for this, supposedly
> people were able to fool ms-proxy into making internal connections
> to proxied networks by spoofing proxy requests.
>
> > The idea is to do just what a firewall does: filter traffic between our
> > private network and the outside world. I'd like to see a FreeBSD box with
> > 2 NICs dropped into place, running ipfw, to perform this task fairly
> > invisibly. They'd like to use MS solutions because "that's what we sell"
> > and they don't like FreeBSD solutions because NOEKI (No One Else Knows It)
> > except for me. Grrr.
>
> Buy them the Complete FreeBSD. Explain that you'll save them
> 2000$+cost of ms-proxy. IPFW syntax isn't that horrible to
> master.

Don't forget the cost of NT Server.

>
> > I'm not totally up on either, but I've got some concerns that MS Proxy is
> > even up for the task that they want to give it. Sure, it can proxy and
> > cache HTTP info and the like, but I don't think it's much of a firewall...
> > am I correct? Hopefully someone can help me out here.
>
> Using MS products as a firewall solution is cool, because when
> you blue screen, you effectively completely firewall off your
> entire operation.

Blue screen is part of Windows.

>
>
>
> It's a shame your co-workers seem to be lacking clue. Good luck
> with your advocacy. :)
>
> -Alfred
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message