On 20.10 14:01, Derrick MacPherson wrote:
> Our network looks like:
>
> Internet
>     |
> Firewall---DMZ
>     |
>    LAN
>
> We are wanting to either have a forward or interception proxy, though
> I'm unsure of the reasons for choosing one over the other, can someone
> explain that to me?

Don't use interception unless you really must. Interception is bad and breaks some things (e.g. disallows proxy authentication).

If you use NAT on the firewall, put the proxy into the DMZ only if you don't NAT from LAN to DMZ (unless you use 1:1 NAT, which is usually not the case), otherwise you won't be able to log source IPs of proxy connections.

The proxy usually doesn't need to be accessible from outside, so it doesn't need to be in the DMZ, unless you use NAT _and_ your NAT device/firewall isn't able to track/NAT FTP connections - in such a case you'd only be able to use passive connections, which may not work for FTP servers behind similar firewalls.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
How does cat play with mouse? cat /dev/mouse