[ previous ] [ next ] [ threads ]
 From:  Falcor <falcor at netassassin dot com>
 To:  Michael Mee <mm2001 at pobox dot com>
 Cc:  Jason Crowley <jcrowley at kc dot rr dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Web Proxy Service for m0n0wall
 Date:  Mon, 17 May 2004 23:05:18 -0500
I would have to say the only thing most want is the ability to enable a 
transparent proxy re-direct.  I don't like firewalls running proxies, it 
is quite CPU intensive and you should keep the firewall working as a 
firewall.  Checkpoint, PIX, etc  do it this way and it is done for a 
reason.  No offence to Jason, that is some nice work, but frankly a 
firewall needs to be a firewall.  Once you allow it to proxy any traffic 
it becomes a liability to the function of the filters.

Michael Mee wrote:

>Interesting idea.  Somewhat related to this is the ability to force
>transparent proxy to a separate proxy server. This is currently not possible
>in m0n0wall either.
>E.g., I'd like to have squid running on a machine in my network somewhere
>and transparently direct all appropriate traffic to it. (Of course I also
>want m0n0wall to detect a failure of that machine and temporarily disable
>the transparent redirect until it returns, but that could be v2 :->).
>I don't know enough about the access control/logging issues to comment on
>how useful it is to put squid into m0n0wall itself, but it seems it
>shouldn't be much more work to ensure that the admin could choose the
>'built-in' m0n0wall squid proxy or an external one.
>Thanks for getting the ball rolling on this!
>cheers, michael
>To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch