Legend
Sage (Sun): Oracle server for BSD
Parsley (Sun): Oracle server for SLAC (e.g. CANDO)
Web-proxy (Sun or NT?): allows BSD folks to have a single way of getting to outside BSD web pages & thus allows blocking of most Web access.
ssh (Sun): allows single point of access to BSD for Unix logon thus allowing blocking of most ssh logons
DHCP (Sun): dynamic host configuration server needed if DHCP blocked
PS (NT): PeopleSoft server for BSD
SMS’ (NT), NTFS’ (NT): provides support for separate BSD NT domain
ISDN (Cisco): allows dial-in access to BSD from home
Notes:
The web proxy should be outside BSDnet and all inside browsers configured to
use it. That way the ACLs can include a narrowly defined 'permit' rule
for TCP connections to port 80 of the web proxy. The problem with the web
proxy on the inside is that the rule would have to allow tcp out to
anywhere on any port with the only restriction being 'from the proxy'. John
did some testing and found that the Netscape 3.01 browser can be
configured to use the CERN server as a proxy. Can
Netscape server be configured to act as a proxy?
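The difference between the two proxy placements can be checked with a small first-match ACL model. This is an added example, not part of the original notes; the addresses (RFC 5737 documentation ranges), rule tuples and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges), not from the notes.
BSDNET = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
PROXY_OUTSIDE = ipaddress.ip_network("198.51.100.10/32")  # proxy outside BSDnet
PROXY_INSIDE = ipaddress.ip_network("192.0.2.10/32")      # proxy inside BSDnet

# Outbound TCP rules: (action, source, destination, dest port or None = any).
# Anything not matched falls through to an implicit deny.
ACL_PROXY_OUTSIDE = [("permit", BSDNET, PROXY_OUTSIDE, 80)]
ACL_PROXY_INSIDE = [("permit", PROXY_INSIDE, ANY, None)]

def evaluate(acl, src, dst, dport):
    """Return the action of the first matching rule, or 'deny'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in acl:
        if src in rule_src and dst in rule_dst and rule_port in (None, dport):
            return action
    return "deny"

# Constructed outbound flows: (description, src, dst, dest port).
FLOWS = [
    ("desktop to outside proxy", "192.0.2.50", "198.51.100.10", 80),
    ("desktop direct to web site", "192.0.2.50", "203.0.113.5", 80),
    ("desktop to outside ssh", "192.0.2.50", "203.0.113.5", 22),
    ("inside proxy to web site", "192.0.2.10", "203.0.113.5", 80),
    ("inside proxy host to outside ssh", "192.0.2.10", "203.0.113.5", 22),
    ("inside proxy host to outside port 6667", "192.0.2.10", "203.0.113.5", 6667),
]

def permitted(acl, flows=FLOWS):
    """Descriptions of the flows the ACL lets through."""
    return [name for name, src, dst, port in flows
            if evaluate(acl, src, dst, port) == "permit"]

if __name__ == "__main__":
    for label, acl in (("proxy outside", ACL_PROXY_OUTSIDE),
                       ("proxy inside", ACL_PROXY_INSIDE)):
        print(label, "->", permitted(acl))
```

With the proxy outside, the only flow that crosses the filter is port 80 to the proxy; with the proxy inside, every TCP flow from the proxy host passes, whatever the destination port.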
There should probably be one or two slave-mode DNS servers in BSDnet,
with the filters restricting DNS traffic to only those servers. Sage
could be so configured; don't know about NT.
Similarly, there may be some value to having one or two NTP servers
inside the bsd firewall and restricting cross-firewall NTP traffic