1. Allow ``established'' connections out via a router, if you are using screening routers.
2. Use a web client that supports SOCKS, and run SOCKS on your bastion host.
3. Run some kind of proxy-capable web server on the bastion host. Some options include Squid, Apache, Netscape Proxy, and http-gw from the TIS firewall toolkit. Most of these can also proxy other protocols (such as gopher and ftp), and can cache objects fetched, which will also typically result in a performance boost for the users, and more efficient use of your connection to the Internet. Essentially all web clients (Mozilla, Internet Explorer, Lynx, etc.) have proxy server support built directly into them.
No comments:
Post a Comment