3.3 Firewall with Proxy Server

If you need to monitor where users of your network are going and your network is small, you can intergrate a proxy server into your firewall. ISP's some times do this to create interest list of their users to resell to marketing agencies.

_/\__/\_       | Proxy / | _______________

|             |        | Firewall |    (LAN)    | | / Internet \----       |    System   |--(HUB)-- | Workstation/s |

\_ _ _ _/   |__________ |        |_______________ |

\/ \/ \/

You can put the proxy server on your LAN as will. In this case the firewall should have rules to only allow the proxy server to connect to the Internet for the services it is providing. This way the users can get to the Internet only through the proxy.

_/\__/\_     | | _______________

| | | Firewall | (LAN) | | / Internet \----       |    System   |--(HUB)-- | Workstation/s |

\_ _ _ _/   |__________ |    |    |_______________ |

\/ \/ \/ | ______________

| | |

+----        |  Proxy Server |

|______________ |

If you are going to run a service like YAHOO or maybe SlashDot you may want to make your system by using redundant routers and firewalls. (Check out the High Availability HowTo.)