Description

This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.

42 How do I make Web/HTTP work through my firewall?

There are three ways to do it.

1. Allow ``established'' connections out via a router, if you are using
screening routers.
2. Use a web client that supports SOCKS, and run SOCKS on your bastion
host.
3. Run some kind of proxy-capable web server on the bastion host. Some
options include Squid <URL:http://squid.nlanr.net/>, Apache
<URL:http://www.apache.org/docs/mod/mod_proxy.html>, Netscape
Proxy <URL:http://home.netscape.com/proxy/v3.5/index.html>, and
http-gw from the TIS firewall toolkit. Most of these can also proxy
other protocols (such as gopher and ftp), and can cache objects
fetched, which will also typically result in a performance boost for
the users, and more efficient use of your connection to the Internet.
Essentially all web clients (Mozilla, Internet Explorer, Lynx, etc.)
have proxy server support built directly into them.

Continue to:

• prev: 41 Do I really want to allow everything that my users ask for? (Firewalls)
• Index
• next: 43 How do I make SSL work through the firewall?