SunScreen 3.1 Administration Guide

Preparing to Use Proxies

SunScreen includes four proxies:

Each one is a completely separate user-level application, although they use some shared data and policy files for authentication. Certain of the proxies provide some content filtering or user authentication or both. They allow or deny sessions based on the source and destination addresses.

The rc script, proxy, located in /etc/init.d and the symbolic link to /etc/rc2.d/S79proxy is used to start up the proxies as needed. The script checks if the proxy executable is in /opt/SUNWicg/SunScreen/proxies, that the corresponding policy file is in /etc/opt/SUNWicg/SunScreen/proxies, and that the policy file has a size larger than zero. If these requirements are not met, the proxy will not start.

Note -

The policy rule compiler uses this script to cause the each proxy to reread its policy file as needed.

You must disable the corresponding standard network service (if any) for HTTP proxies to function. If you have installed an HTTP daemon, you must disable it before the HTTP proxy will work. Conflicting standard Solaris servers for telnet, FTP, and SMTP are handled automatically during policy activation. See the SunScreen Reference Manual for further details.