 From:  "David Henry" <dhenry at nauticallandings dot com>
 To:  "Jayden Phillips" <trainguy77 at shaw dot ca>, "lola" <lola at yais dot net>, "Monowall DEV" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] m0n0 <-> proxy suggestion
 Date:  Mon, 24 Oct 2005 10:25:16 -0400
A load balancer would be awesome. I know F5 Networks uses FreeBSD for their
systems.
M0n0Load....

----- Original Message ----- 
From: "Jayden Phillips" <trainguy77 at shaw dot ca>
To: "lola" <lola at yais dot net>; "Monowall DEV" <m0n0wall dash dev at lists dot m0n0 dot ch>
Sent: Friday, October 21, 2005 12:35 PM
Subject: Re: [m0n0wall-dev] m0n0 <-> proxy suggestion


> I like this idea, of turning m0n0wall into more than a firewall (on
> different boxes). Having a m0n0proxy, among other things, and having them all
> able to be intertwined on a click of a button. Of course we would need
> developers to help out.
>
> Jayden
>
>
> On 10/21/05 8:18 AM, "lola" <lola at yais dot net> wrote:
>
>> hi all,
>>
>>
>> there have been many discussions about proxy support on the list. but afaik
>> there is no easy "plug and play" solution yet. i agree in having a separate
>> proxy box rather than implementing squid into m0n0wall. so here is my
>> suggestion:
>>
>> 1. build a m0n0wall-like transparent proxy based on m0n0bsd using squid. of
>> course having a simple web frontend like m0n0wall. (that's the easy part)
>>
>> 2. in m0n0wall have an option "enable proxy". this would basically alter the
>> dhcp server config and set the proxy ip as default gateway.
>>
>> this means the default gateway for all clients on lan is the proxy. http
>> traffic is filtered, other traffic is forwarded to m0n0wall. that's the
>> downside of my idea: all traffic has to go through the proxy first. but i
>> think it's the easiest way to enable proxy support in m0n0wall.
>>
>>
>> platforms/versions:
>>
>> a proxy needs much more performance than a gateway. that's the reason many on
>> the list don't want squid on embedded boards (wrap, soekris). but why don't we
>> let the user decide what hardware to use? i'm pretty sure a proxy running on
>> a wrap board with a small (10 or 20 mb) cache stored on a mfs will do basic
>> access control and simple filtering such as domain blacklisting. who wants
>> to run a big proxy simply uses generic pc hardware with lots of memory and
>> fast hard drives. therefore i suggest having the same images as we have with
>> m0n0wall: generic (cache stored on hdd), embedded (only basic functionality)
>> and cdrom (cache stored on mfs, requires a lot of memory).
>>
>>
>> features:
>>
>> as internet bandwidth isn't the main concern these days i think the core
>> function of the proxy should be access control and content filtering. i'm
>> running an internet cafe in germany and i can tell you filtering porn on 20
>> or more computers is either a pain in the ass or really expensive.
>> "m0n0proxy" should have a self updating blacklist system (don't know how to
>> do that yet).
>>
>>
>> that's my idea. what do you guys think? anybody with me or am i alone on this
>> one?
>>
>> --
>>
>> Thomas Lohner
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch