Well, I can tell you about my experience. Our Network works like this out
by itself. The Chat and Sharing blocks are a bonus.

There is a private class B subnet with all of our stations on it. To get
out, they have to cross a Linux NAT box which only allows traffic I enable,
like web and FTP, and mail. In the DMZ are our Dial-Up boxes(we are an
ISP), and a proxy server. Now, our users are forced to use this proxy
server because the router that goes to the internet will only allow port 80
traffic from the proxy server.

The dial-ups are happy because they notice nothing as the dial-up boxes
automatically send all web traffic to the cacheflow anyways. Our staff
can't tunnel out via port 80 because only the proxy server is allowed out
and so it's an indirect connection for the users.

Hope this helps.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]