Firewall Wizards mailing list archives
newbie: Proxy as Bastion Host?
From: Andre Anneck <andre.anneck () pmbs de>
Date: Tue, 22 Jun 1999 08:24:13 +0200
Hi there, I have been reading the security advisories of FreeBSD, Linux, read the book "SATAN" from O'Reillly, and browsed through a lot of web-information about Firewall concepts etc. I did all this because I am in need to present a Firewall concept to our managers... *sweat*. Now the Question. I read that as bastion host is usually used as a proxy, socks, auhtentification server that resides before the firewall. The idea behind this bastion host is to only allow certain connection types _from_ the bastion host to the firewall, and block off all other request of these connection types. [right/wrong?] Now, what I didnt find in the books is a good explanation WHY it would be better to have the "proxy" outside as a bastion host, instead of behind the firewall. The firewall could basically work as a proxy too... Now as I trust the books when they say its better to have proxy be a bastion host, I still have to explain the WHY to our managers.... Can someone explain the Why to me? TIA, Andre Anneck
Current thread:
- newbie: Proxy as Bastion Host? Andre Anneck (Jun 22)
- Re: newbie: Proxy as Bastion Host? Leonard Miyata (Jun 22)
- Re: newbie: Proxy as Bastion Host? Patrick M. Hausen (Jun 22)
- Re: newbie: Proxy as Bastion Host? Carric Dooley (Jun 23)