Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] Transparent proxy ...
Hello Richard,
it depends on your requirements.
What kind of firewall do you want? An application gateway like squid or ftp-proxy
is more secure than "only" filtering.
Your machines are fine for 100+ users or many more, I think. PC2 is actually
overpowered.
My configuration is a firewall with a PIII 550, 64 MB and IDE; it runs squid,
ftp-proxy (SuSE proxysuite) and DNS, and with susefirewall there are more than
150 ipchains rules. There are about 50 users.
The Internet connection is ADSL 1,5 MBit and all works fine - no performance
problems yet.
I think you should install the classical way - build a DMZ and place the
mail server in the DMZ, put the proxies on the firewall.

Frank

E-Mail f.stuehmer@xxxxxxxxxxx

WS Medienservice Chemnitz GmbH

----- Original Message -----
From: "Richard Ems" <r.ems.mtg@xxxxxxx>
To: "Frank Stuehmer" <f.stuehmer@xxxxxxxxxxx>; <suse-security@xxxxxxxx>
Sent: Friday, February 02, 2001 6:44 PM
Subject: Re: [suse-security] Transparent proxy ...


> Hi Frank!
>
> My idea was to build a Firewall where PC1 would ONLY do packet filtering
> (masq, forw, redir, etc.) and PC2 would do the rest (snmp server, pop server,
> proxy server, dns server, etc.) Also the hardware is very different on both
> PC's:
> PC1: 1 x 700 Mhz, 64 MB RAM, IDE
> PC2: 2 x 700 Mhz, 512 MB RAM, SCSI, more disk space than PC1
>
> mmmm, now I'm not so sure ...
>
> What do you think?
>
> Richard
>
>
>
> Frank Stuehmer wrote:
>
> > Hi Richard,
> > why don't you install squid on PC1?
> > There are good reasons in the howtos for installing proxies on firewalls.
> > With your configuration you should allow routing between Internet and local
> > LAN for http, https and ftp.
> > Squid in transparent mode is nice only for http, neither for ftp nor https.
> > Frank
> >
> > ----- Original Message -----
> > From: "Richard Ems" <r.ems.mtg@xxxxxxx>
> > To: <suse-security@xxxxxxxx>
> > Sent: Friday, February 02, 2001 3:01 PM
> > Subject: [suse-security] Transparent proxy ...
> >
> > > Hi all!
> > >
> > > Here my scenario:
> > >
> > >
> > >            Internet
> > >               |
> > >               |
> > >               |
> > > PC1: Packet Filtering ---------+
> > >
> > >                              SWITCH------- Internal LAN
> > > PC2: SQUID Proxy Server ------+
> > >      Mail Server
> > >      DNS caching only server
> > > What I'm trying to configure is a kind of port forwarding from PC1 to
> > > PC2. Is this possible?
> > > HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80
> > > to PC2:3128)
> > >
> > > I've searched in the archives, read the HOWTO's but didn't find any
> > > answer?
> > >
> > > Any help would be VERY appreciated !
> > >
> > > Thanks, Richard
> > >
> > > --
> > > Richard Ems
> > > ... e-mail: r.ems@xxxxxxx
> > > ... Fachbereich Informatik, Universität Hamburg
> > >
> > > Unix IS user friendly. It's just selective about who its friends are.
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > >
>
> --
> Richard Ems
> ... e-mail: r.ems@xxxxxxx
> ... Fachbereich Informatik, Universität Hamburg
>
> Unix IS user friendly. It's just selective about who its friends are.