On Mon, 11 Mar 1996, Jay Tingiris wrote:
> Low Cost Firewall: $2,000 US (hardware/software included)
I note that labor costs are not included ;-)
> 1) TCP/IP filtering mechanism that allows for priority queuing
> 2) HTTP caching proxy support (internal and external)
> 3) FTP caching proxy support (internal and external)
> 4) GOPHER caching proxy support (internal and external)
CERN (or W3) httpd http://www.w3.org/httpd
> 5) Telnet proxy support (internal and external)
> 6) SMTP secured mail transport mechanism (inbound and outbound)
TIS Firewall toolkit ftp.tis.com
> 7) DNS Server Capability (forwarding, caching, and secondary support)
BIND (comes with FreeBSD)
> 8) HTTP Server Support for External/Internal WWW pages
Apache (http://www.apache.org) can easily do virtual domains so just give
your host two IP addresses named www.your.org and inhouse.your.org
> 9) MBONE tunnel endpoint (secure internal broadcast)
FreeBSD can do MBONE, not sure about secure internal broadcast but I
suspect the ipfw packet filtering (man ipfw) will deal with that.
> 10) IRC Client and Server support (internal and external)
Internal is easily handled by ipfw packet filtering. It's probably a bad
idea to access external IRC networks through the firewall. In any case,
you don't need to run an IRC server to access the global IRC nets.
> 11) WAIS caching proxy support (internal and external)
> 12) POP mail support
Comes with FreeBSD (get Qualcomm popper from the ports collection)
> 13) Automatic Status reports and cache management features.
with PERL, you can do wonders!
> 14) ALL ON THE SAME MACHINE!
Not the best way to do things, but for somebody with a $2,000 budget this
is likely the only choice. Note that I already have much of the above
working on my home LAN which uses RFC1918 addresses and I think that for
a home LAN or a small organization, this is a reasonable architecture.
> Internet services. It must also be configurable to support raw port tunneling
> for other obscure services such as NFS or MBONE.
NFS? I was under the impression that NFS is not possible through
a firewall in a secure manner.
You haven't mentioned weird stuff like RealAudio up there. If you need to
open up UDP ports there is also a package called UDPrelay out there somewhere
that works similarly to TIS fwtk plug-gw.
Setting this up is not going to be simple, but if you have the time, it
can be done.
Michael Dillon Voice: +1-604-546-8022
Memra Software Inc. Fax: +1-604-546-3049
http://www.memra.com E-mail: michael @
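The reply leans on ipfw packet filtering for the MBONE and internal-IRC points and on RFC1918 addressing for the inside LAN. As an added illustration (not part of the original thread, and not a ruleset from the poster or from FreeBSD), here is a small ipfw ruleset in the spirit of that all-on-one-host layout: it keeps IRC purely internal, refuses RFC1918 source addresses arriving on the outside interface, and ends in a default deny. The LAN prefix, the outside interface name and the rule numbers are assumptions; set IPFW=echo to preview the rules instead of loading them.

```shell
#!/bin/sh
# Added example ipfw ruleset for a single-host RFC1918 home-LAN firewall.
# Assumptions (not from the original post): inside prefix 192.168.1.0/24,
# outside interface ed0, rule numbers chosen here. IPFW=echo previews only.

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed inside (RFC1918) prefix
EXT_IF="${EXT_IF:-ed0}"                # assumed outside interface
IPFW="${IPFW:-ipfw}"                   # set to "echo" to print, not load

ipfw_rules() {
    "$IPFW" -f flush

    # Loopback traffic is fine; loopback addresses arriving from the wire are not.
    "$IPFW" add 100 allow ip from any to any via lo0
    "$IPFW" add 110 deny ip from 127.0.0.0/8 to any in via "$EXT_IF"

    # Anti-spoofing: RFC1918 sources must never come in from the Internet,
    # and our own private addresses must never leak out of it.
    "$IPFW" add 200 deny ip from 10.0.0.0/8 to any in via "$EXT_IF"
    "$IPFW" add 210 deny ip from 172.16.0.0/12 to any in via "$EXT_IF"
    "$IPFW" add 220 deny ip from 192.168.0.0/16 to any in via "$EXT_IF"
    "$IPFW" add 230 deny ip from "$LAN_NET" to any out via "$EXT_IF"

    # Internal IRC: LAN hosts may talk to the in-house ircd on 6667,
    # but that port is never reachable across the outside interface.
    "$IPFW" add 300 allow tcp from "$LAN_NET" to "$LAN_NET" 6667
    "$IPFW" add 310 deny tcp from any to any 6667 via "$EXT_IF"

    # Services the firewall host itself offers to the LAN (caching proxy,
    # POP, DNS); port numbers here are the conventional ones.
    "$IPFW" add 400 allow tcp from "$LAN_NET" to me 8080,110,53 setup
    "$IPFW" add 410 allow udp from "$LAN_NET" to me 53

    # Mail in from anywhere, DNS answers back to our resolver, and the
    # return half of TCP sessions the firewall host opened itself.
    "$IPFW" add 500 allow tcp from any to me 25 setup
    "$IPFW" add 510 allow udp from any 53 to me
    "$IPFW" add 900 allow tcp from any to any established

    # Everything else is dropped.
    "$IPFW" add 65000 deny ip from any to any
}

# Only load rules when explicitly asked, e.g.:  sh firewall.sh apply
if [ "${1:-}" = apply ]; then
    ipfw_rules
fi
```

Run it as `IPFW=echo sh firewall.sh apply` first and read the printed rules; rule 310 sits after 300 on purpose so LAN-to-LAN IRC never hits the outside-interface deny, and the `established` rule at 900 only admits the reply half of sessions, not fresh inbound connections.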