Very Computer

by **Martin Si** » Sat, 06 Nov 1999 04:00:00

Dear Sir,

I am now proposing to setup Proxy server for our company. The objective is:

1) Acting as Firewall,
2) Mail Relay Agent,
3) Enabling virtual IP addressing scheme,
4) Web caching.
5) No impact on our PPTP / RAS connection.

We are sitting in one microsoft networking environment and mail server is MS
Exchange v4.0. We now have two options to setup the Proxy server. One is MS
Proxy 2.0 and another is Linux TIS Firewall. I think that most people have
experiences on this two products and really hope that you could give any
opinions on this issue.

Martin

by **Page, Daniel [SKY:1U15:EXCH** » Sat, 06 Nov 1999 04:00:00

> Dear Sir,

> I am now proposing to setup Proxy server for our company. The objective is:

> 1) Acting as Firewall,
> 2) Mail Relay Agent,
> 3) Enabling virtual IP addressing scheme,
> 4) Web caching.
> 5) No impact on our PPTP / RAS connection.

> We are sitting in one microsoft networking environment and mail server is MS
> Exchange v4.0. We now have two options to setup the Proxy server. One is MS
> Proxy 2.0 and another is Linux TIS Firewall. I think that most people have
> experiences on this two products and really hope that you could give any
> opinions on this issue.

> Martin

I recommend Wingate for proxy server. The other way to go is IP
Masquerading. This gives you a more "direct" access to the net.

Dan

by **David Robert** » Sat, 06 Nov 1999 04:00:00

Check out:

www.winroute.com

www.linuxrouter.org

Quote:> Dear Sir,

> I am now proposing to setup Proxy server for our company. The objective
is:

> 1) Acting as Firewall,
> 2) Mail Relay Agent,
> 3) Enabling virtual IP addressing scheme,
> 4) Web caching.
> 5) No impact on our PPTP / RAS connection.

> We are sitting in one microsoft networking environment and mail server is
MS
> Exchange v4.0. We now have two options to setup the Proxy server. One is
MS
> Proxy 2.0 and another is Linux TIS Firewall. I think that most people
have
> experiences on this two products and really hope that you could give any
> opinions on this issue.

> Martin

by **Dario Fernando Agudel** » Sat, 06 Nov 1999 04:00:00

why don't you consider a cache/proxy like Squid?

I have tested CERN, Apache and Squid and the later seems to be the choice
regarding cache/proxy especialized software.

Dario Agudelo

Quote:>Dear Sir,

>I am now proposing to setup Proxy server for our company. The objective is:

>1) Acting as Firewall,
>2) Mail Relay Agent,
>3) Enabling virtual IP addressing scheme,
>4) Web caching.
>5) No impact on our PPTP / RAS connection.

>We are sitting in one microsoft networking environment and mail server is
MS
>Exchange v4.0. We now have two options to setup the Proxy server. One is MS
>Proxy 2.0 and another is Linux TIS Firewall. I think that most people have
>experiences on this two products and really hope that you could give any
>opinions on this issue.

>Martin

by **A Wingenbac** » Sun, 07 Nov 1999 04:00:00

I'm still fairly new to Linux networking, but have quite a bit of experience
with NT, Exchange (4.0 - 5.5), and MS Proxy (1&2). A few things I can say
with the knowledge to back it up:
- MS Exchange is a great mail server for Win clients on a network, but the
extra functionality and features in Exchange 5.5 make the cost of the
upgrade more than worthwhile in a corporate network. For example, Exchange
4.0 does not even include an internet mail connector!
- MS Proxy should not be considered secure in any way. Either version.
- The proxy service is too tied to IIS in NT. Any change made to the www
server config affects the proxy config and vice versa. Same applies when
proxy service crashes - it takes the www server with it. This WILL happen
if you're logging in proxy or www and using access control. And it'll be on
the long weekend you go camping without a cell phone or pager....... (trust
me on this one)

I've been experimenting with Linux firewalling using ipchains and ipmasqadm.
It's taken a bit of time to get used to, but overall I'm impressed with the
stability, speed, and security of this setup. I'm hoping to implement a
Linux firewall box in the near future, but still have a few things to work
out.

Allan Wingenbach
Banff, Alberta, Canada
www.banffgondola.com/cam

Quote:> Dear Sir,

> I am now proposing to setup Proxy server for our company. The objective
is:

> 1) Acting as Firewall,
> 2) Mail Relay Agent,
> 3) Enabling virtual IP addressing scheme,
> 4) Web caching.
> 5) No impact on our PPTP / RAS connection.

> We are sitting in one microsoft networking environment and mail server is
MS
> Exchange v4.0. We now have two options to setup the Proxy server. One is
MS
> Proxy 2.0 and another is Linux TIS Firewall. I think that most people
have
> experiences on this two products and really hope that you could give any
> opinions on this issue.

> Martin

by **Ask M** » Mon, 08 Nov 1999 04:00:00

Hi when i were u use a professional thing ( but it costs )

a example is a combination of MsProxy and PIX Firewall

another thing is the Checkpoint Firewall One and a proxy which support the
CVP (Content Vectoring Protocol )

Greeetings

also u can use a cisco router with iosFriewall feature set. and a ms proxy.

it would also fulfill ur req. but how important is securitiy ?

Greetings

by **Martin Si** » Tue, 09 Nov 1999 04:00:00

I have studied your suggestion and then summaries as below:

ipchains: used to package filtering (Firewall function),
ipmasqadm: used to control the masquerading, ((NAT function),
squid: used to control the transparent proxying, (web cache proxy function),
ipportfw: used to port forwarding. The internet can directly use the
internal network service. (Mail Relay function, it can allow our Exchange
Server to send /receive mail as normal.)

Have it no any impact on our PPTP connection?

It is my understanding. If it have any incorrect, please point out it.

Martin

>I'm still fairly new to Linux networking, but have quite a bit of
experience
>with NT, Exchange (4.0 - 5.5), and MS Proxy (1&2). A few things I can say
>with the knowledge to back it up:
>- MS Exchange is a great mail server for Win clients on a network, but the
>extra functionality and features in Exchange 5.5 make the cost of the
>upgrade more than worthwhile in a corporate network. For example, Exchange
>4.0 does not even include an internet mail connector!
>- MS Proxy should not be considered secure in any way. Either version.
>- The proxy service is too tied to IIS in NT. Any change made to the www
>server config affects the proxy config and vice versa. Same applies when
>proxy service crashes - it takes the www server with it. This WILL happen
>if you're logging in proxy or www and using access control. And it'll be
on
>the long weekend you go camping without a cell phone or pager.......
(trust
>me on this one)

>I've been experimenting with Linux firewalling using ipchains and
ipmasqadm.
>It's taken a bit of time to get used to, but overall I'm impressed with the
>stability, speed, and security of this setup. I'm hoping to implement a
>Linux firewall box in the near future, but still have a few things to work
>out.

>Allan Wingenbach
>Banff, Alberta, Canada
>www.banffgondola.com/cam

>> Dear Sir,

>> I am now proposing to setup Proxy server for our company. The objective
>is:

>> 1) Acting as Firewall,
>> 2) Mail Relay Agent,
>> 3) Enabling virtual IP addressing scheme,
>> 4) Web caching.
>> 5) No impact on our PPTP / RAS connection.

>> We are sitting in one microsoft networking environment and mail server is
>MS
>> Exchange v4.0. We now have two options to setup the Proxy server. One is
>MS
>> Proxy 2.0 and another is Linux TIS Firewall. I think that most people
>have
>> experiences on this two products and really hope that you could give any
>> opinions on this issue.

>> Martin

by **Ed Crowle** » Mon, 29 Nov 1999 04:00:00

If you choose to use MS Proxy Server, may I suggest you use the IIS SMTP
service to relay your SMTP instead of doing it through Proxy?
--
Ed Crowley MCSE+Internet MVP
Senior Consultant
NCR Corporation

Quote:> Dear Sir,

> I am now proposing to setup Proxy server for our company. The objective
is:

> 1) Acting as Firewall,
> 2) Mail Relay Agent,
> 3) Enabling virtual IP addressing scheme,
> 4) Web caching.
> 5) No impact on our PPTP / RAS connection.

> We are sitting in one microsoft networking environment and mail server is
MS
> Exchange v4.0. We now have two options to setup the Proxy server. One is
MS
> Proxy 2.0 and another is Linux TIS Firewall. I think that most people
have
> experiences on this two products and really hope that you could give any
> opinions on this issue.

> Martin

by **Brett I. Holcom** » Mon, 29 Nov 1999 04:00:00

Also, the last version of Proxy won't install unless you have Back Office
installed. I tried to install Proxy server on my NT Enterprise 4.0 server
and it wouldn't do it.

--
Brett I. Holcomb

Microsoft MVP
AKA Grunt<><
Remove R777 to reply

> If you choose to use MS Proxy Server, may I suggest you use the IIS SMTP
> service to relay your SMTP instead of doing it through Proxy?
> --
> Ed Crowley MCSE+Internet MVP
> Senior Consultant
> NCR Corporation

> > Dear Sir,

> > I am now proposing to setup Proxy server for our company. The objective
> is:

> > 1) Acting as Firewall,
> > 2) Mail Relay Agent,
> > 3) Enabling virtual IP addressing scheme,
> > 4) Web caching.
> > 5) No impact on our PPTP / RAS connection.

> > We are sitting in one microsoft networking environment and mail server
is
> MS
> > Exchange v4.0. We now have two options to setup the Proxy server. One is
> MS
> > Proxy 2.0 and another is Linux TIS Firewall. I think that most people
> have
> > experiences on this two products and really hope that you could give any
> > opinions on this issue.

> > Martin

by **Bob Pelletie** » Mon, 29 Nov 1999 04:00:00

Martin,

I used MS Proxy at several sites and for my office as well. So I have
some experience with that that package. I haven't used or heard of the
Linux TIS Firewall package. So I cann't comment on that.

With MS Proxy I also felt that there were things that would go wrong or
wouldn't work and quite honestly I could not figure out why. The was
documentation always seem a little hard to follow and a couple of $200
calls to MS never alleviated my concerns. Quite honestly, the calls only
deepened my concern about MS Proxy.

This is one of the reasons I've just converted to OpenBSD and QMAIL for
my internet / firewall / mail server. With having a good knowledge of
TCP/IP, and some knowledge of UNIX I was able to set it all up (though
not completely tuned) in a weekend. I was simply stunned at how well it
all went, and how simple it all was. So far I'm extremely satisfied with
OpenBSD.

Once I've had a chance to give OpenBSD the acid test, get it optimized
and tuned, I'm going to start switching my customers from MS Proxy to
this solution.

If you are still open to looking at other packages, I'd recommend
looking at the OpenBSD package, especially the ext version 2.6 which
incorporates OpenSSH right in the package. I still have yet to put it
through the ringer, but from the articles that I read, its a good
secure, reliable and the fastest TCP/IP stack of the open source *nix
packages.

You can check it out at www.openbsd.org

Good Luck,

Bob Pelletier
CNE, MCP
Pacific Coast Technologies, Inc.
Systems Analyst

[ SNIP ]

> > > Dear Sir,

> > > I am now proposing to setup Proxy server for our company. The objective
> > is:

> > > 1) Acting as Firewall,
> > > 2) Mail Relay Agent,
> > > 3) Enabling virtual IP addressing scheme,
> > > 4) Web caching.
> > > 5) No impact on our PPTP / RAS connection.

[ SNIP ]

Quote:> > > Martin

by **Brent Arkle** » Tue, 30 Nov 1999 04:00:00

From what i have heard, MS Proxy is meant to be very secure, in fact the
US Army were using it in Kosovo (so i heard). Anyway even though it is
secure it has an uncanny habbit of stuffing up (to put it mildly) for no
known or logical reason, actually only with winsock proxy.

Linux is harder to configure but works great.

All in all i would recommend Linux

-----Original Message-----

Posted At: Monday, 29 November 1999 9:36
Posted To: networking
Conversation: Best Choice of Proxy Server: MS Proxy / Linux TIS
Subject: Re: Best Choice of Proxy Server: MS Proxy / Linux TIS

Martin,

I used MS Proxy at several sites and for my office as well. So I have
some experience with that that package. I haven't used or heard of the
Linux TIS Firewall package. So I cann't comment on that.

With MS Proxy I also felt that there were things that would go wrong or
wouldn't work and quite honestly I could not figure out why. The was
documentation always seem a little hard to follow and a couple of $200
calls to MS never alleviated my concerns. Quite honestly, the calls only
deepened my concern about MS Proxy.

This is one of the reasons I've just converted to OpenBSD and QMAIL for
my internet / firewall / mail server. With having a good knowledge of
TCP/IP, and some knowledge of UNIX I was able to set it all up (though
not completely tuned) in a weekend. I was simply stunned at how well it
all went, and how simple it all was. So far I'm extremely satisfied with
OpenBSD.

Once I've had a chance to give OpenBSD the acid test, get it optimized
and tuned, I'm going to start switching my customers from MS Proxy to
this solution.

If you are still open to looking at other packages, I'd recommend
looking at the OpenBSD package, especially the ext version 2.6 which
incorporates OpenSSH right in the package. I still have yet to put it
through the ringer, but from the articles that I read, its a good
secure, reliable and the fastest TCP/IP stack of the open source *nix
packages.

You can check it out at www.openbsd.org

Good Luck,

Bob Pelletier
CNE, MCP
Pacific Coast Technologies, Inc.
Systems Analyst

[ SNIP ]

> > > Dear Sir,

> > > I am now proposing to setup Proxy server for our company. The
objective
> > is:

> > > 1) Acting as Firewall,
> > > 2) Mail Relay Agent,
> > > 3) Enabling virtual IP addressing scheme,
> > > 4) Web caching.
> > > 5) No impact on our PPTP / RAS connection.

[ SNIP ]

> > > Martin

by **Phil Wilso** » Thu, 02 Dec 1999 04:00:00

Quote:> If you choose to use MS Proxy Server, may I suggest you use the IIS SMTP
> service to relay your SMTP instead of doing it through Proxy?
> --
> Ed Crowley MCSE+Internet MVP
> Senior Consultant
> NCR Corporation

May I ask why?

> > Dear Sir,

> > I am now proposing to setup Proxy server for our company. The objective
> is:

> > 1) Acting as Firewall,
> > 2) Mail Relay Agent,
> > 3) Enabling virtual IP addressing scheme,
> > 4) Web caching.
> > 5) No impact on our PPTP / RAS connection.

> > We are sitting in one microsoft networking environment and mail server
is
> MS
> > Exchange v4.0. We now have two options to setup the Proxy server. One is
> MS
> > Proxy 2.0 and another is Linux TIS Firewall. I think that most people
> have
> > experiences on this two products and really hope that you could give any
> > opinions on this issue.

> > Martin

by **Ed Crowle** » Fri, 03 Dec 1999 04:00:00

It's a better defense against UCE relaying since you can be very specific
about what to relay (i.e., only inbound mail for your domain, and outbound
mail from your Exchange server). Proxy isn't technically a firewall, and
port filtering is really a firewall function.
--
Ed Crowley MCSE+Internet MVP
Senior Consultant
NCR Corporation

> > If you choose to use MS Proxy Server, may I suggest you use the IIS SMTP
> > service to relay your SMTP instead of doing it through Proxy?
> > --
> > Ed Crowley MCSE+Internet MVP
> > Senior Consultant
> > NCR Corporation

> May I ask why?

> > > Dear Sir,

> > > I am now proposing to setup Proxy server for our company. The
objective
> > is:

> > > 1) Acting as Firewall,
> > > 2) Mail Relay Agent,
> > > 3) Enabling virtual IP addressing scheme,
> > > 4) Web caching.
> > > 5) No impact on our PPTP / RAS connection.

> > > We are sitting in one microsoft networking environment and mail server
> is
> > MS
> > > Exchange v4.0. We now have two options to setup the Proxy server. One
is
> > MS
> > > Proxy 2.0 and another is Linux TIS Firewall. I think that most people
> > have
> > > experiences on this two products and really hope that you could give
any
> > > opinions on this issue.

> > > Martin

by **Phil** » Mon, 06 Dec 1999 04:00:00

What is UCE relaying?

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!