[ previous ] [ next ] [ threads ]
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] proxy server
 Date:  Mon, 28 Nov 2005 17:36:05 -0600
From: "Ian Dawson" <LENIN at dsl dot pipex dot com>

> may seem like a stupid question but
> i need to implement a proxy server on firewall setup is there going to be
> any plans to put a proxy server in to monowall or is there a recomended
> proxy server to run along side m0n0 ?

This will never be done. One reason is it goes against the m0n0wall concept 
of lightweight, and secure.  The other is the difficulty.

m0n0wall is a custom FreeBSD, so you could add it yourself.  The problem is 
that m0n0 runs in memory.  It is done so that you do not have to write your 
CF disk to death.  So it runs on a ram disk in a small memory footprint. 
Squid takes a good bit of memory, and a bunch of disk cache, which for m0n0 
is more memory.  You would either have to rewrite the code to run from a 
hard disk, or have a lot of memory.  And running from a hard disk means the 
disk image could be hacked or overwritten, and you loose some security.  On 
a one off, it would be do-able with a big CF, and probably a gig of ram or 
more. (If you make squid have only a 500 meg disk cache)  You can see why 
this might have a limited appeal.