Botp wrote:
> Robert Klemme [mailto:bob.news / gmx.net] wrote:
> 
> #Hm, I don't actually see the point in first restricting
> #client's access to
> #the internet and then enabling it again via a general proxy on
> #server_1.
> 
> Yes, but i do not want to lose my job.

A good justification. :-)

> #Firewalls usually do this with NAT for example.  So why cook
> #your own in
> 
> The client is soo far away fr the fw. I do not want to add dirt on
> the routing tables of the routers. Too much dirt/holes already :-( 
> 
> #Ruby?  Sounds like if you want to introduce a security hole, which
> the 
> #folks responsible for the internet access are not going to like.
> 
> I agree. And am part of them.

Ouch.

> In a corp world, sometimes you have to ack like a corpse :-(

I know, I know.  And I don't envy you on this one.

Kind regards

    robert