Dale Amon wrote: > On Wed, Dec 31, 2003 at 03:05:43PM +0100, Richard Atterer wrote: >> On Wed, Dec 31, 2003 at 11:33:02AM +0200, Haim Ashkenazi wrote: >> > I have a client that have an exchange server inside the LAN and he >> > wants to access the web interface from the world. I thought I'll put a >> > transparent proxy server on the DMZ. apt-cache search proxy gave a few >> > options but except squid (which is a little overkill for this) I don't >> > know any of them (especially in terms of security) and I'm looking for >> > recommendations. >> >> Um, do I understand correctly that you want to allow access from the >> internet to a machine in your client's LAN? In that case, squid is indeed >> the wrong solution. > > I think they may be talking about MS Exchange Server. > The program I like to think of as "The Internet's > Answer to the Petrie Dish*" ;)
> > I do not think I would use the words "Exchange Server" > and "Security" in the same breath. couldn't agree more. if only all my clients would feel this way... > > On the serious side, you probably could allow a port > redirect to that machine if there are no other web > services to be accessed. wouldn't port redirection allow direct access to the exchange server? I thought I would put something in the middle... it doesn't really matter what's on the other side. I thought that this setup (proxy firewall) would be more secure then direct access (even to apache...). thanx -- Haim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
