From owner-freebsd-questions@FreeBSD.ORG Sun Sep 14 19:09:37 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A5430C58 for ; Sun, 14 Sep 2014 19:09:37 +0000 (UTC) Received: from mail-la0-x235.google.com (mail-la0-x235.google.com [IPv6:2a00:1450:4010:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2C65EAAD for ; Sun, 14 Sep 2014 19:09:36 +0000 (UTC) Received: by mail-la0-f53.google.com with SMTP id ge10so3382396lab.26 for ; Sun, 14 Sep 2014 12:09:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=nnW2bLf3m6tvihT6aTC1N0UZtBMqMIa+VFnUhefncS4=; b=AA/LwjW5VdsUrsPGt5wsXykJgtKJE7PMfumNeu0NNNhuOtfoFzkCP9ZDMaWd8Kf4LF FMmBlmZII761ejnUivxJ4zbwYX7UQieAn775iDnpakfkJTxA7gKILA4CVYFJpctJDcDl SAdGIXu5bBf4hFn9xYq2HwHqZ/7iRzDaj1lTJi9oFY/bOvtjxyEYO8PUM2WeG0NiLgCj NjeVausH9DL6N0dfVhoCLOTaYTTOChnCHifMMnKu3nSCLPOkQaDrkwiPPwEq5Q9BUofH TinS2JwZOLPmTSuN+YSXpuy/4VwL35t3XnTU+/GQU3VhXEXH/rem5RigIQunmzrKq9oF yBkQ== X-Received: by 10.152.116.80 with SMTP id ju16mr3978726lab.73.1410721774767; Sun, 14 Sep 2014 12:09:34 -0700 (PDT) MIME-Version: 1.0 Received: by 10.112.8.41 with HTTP; Sun, 14 Sep 2014 12:08:54 -0700 (PDT) In-Reply-To: <5415E165.8060508@comcast.net> References: <5415DE49.9070500@comcast.net> <5415E165.8060508@comcast.net> From: Odhiambo Washington Date: Sun, 14 Sep 2014 22:08:54 +0300 Message-ID: Subject: Re: Proxy Server Question To: Dave Babb Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: User Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Sep 2014 19:09:37 -0000 On 14 September 2014 21:41, Dave Babb wrote: > OK. fair enough. > > Project: I have been awarded a project in which I am changing out an > entire cities infrastructure to be based upon FreeBSD. They will have their > ISP demark, which then gets fed into a physical firewall appliance bolted > to the wall, which then feeds the FreeBSD server containing the proxy > server into NIC #0. > > NIC #1 (on a different subnet) will then feed the attached devices of the > city, PC's, smart devices, printers via a 16 port switch. > > The purpose of the proxy servers is to put a configurable layer of proxy > between the average city user, and the internet at large. Currently the > city is infected with a lot of Windows virus', mainly do to the users (at > this time) having unmanaged, unfiltered access to the Internet..... > > So, besides the proxying, what else do you want to achieve in the FreeBSD box? How many users are you looking at handling on your network? Squid will be able to do the proxying for you, but what else you need to achieve, with the number of client devices you expect to handle simultaneously will determine what you will install and the sizing of this proxy machine. Besides, you will also need failover for this machine so that you minimize on downtime. I am thinking a good start will be thinking of an appliance - like those done by the pfSense guys. If you are not going for an appliance and want to get your hands dirty, you can do it too, though with a city, I am sure there is a budget for a suitable appliance. My advise - head over to the pfSense forums for a solution. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."